Message	Id	Version	Qualifiers	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	RelatedActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
PowerShell console is ready for user input	40962	1		4	4	2	0	2241	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1128	1140	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:25 PM	839e3e65-ff4b-0004-b052-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1128 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2240	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1128	3016	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:25 PM	839e3e65-ff4b-0004-b052-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2239	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1128	1140	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:25 PM	839e3e65-ff4b-0004-b052-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 35e8e1d5-7870-4ed1-b71e-322ea1b03a4a Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 3935065c-f45e-4197-bf7c-78316ad5544e Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	2238	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	3472	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:25 PM	839e3e65-ff4b-0000-3655-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b6ffd8d7-f285-48ab-94a5-938ebd2bec2c Path:	4104	1		3	2	15	0	2237	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	4788	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0004-ad52-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b6861d1f-4a78-428e-bcbf-01f84316be82 Path:	4104	1		3	2	15	0	2236	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	4788	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0003-887d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 61807b89-cee7-4e1d-a34a-21efcd9bd9b0 Path:	4104	1		3	2	15	0	2235	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	4788	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0003-797d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): XRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "C:\\collect-event-log.ps1", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 7cfdda00-5af1-40f5-9784-6aece9635bbe Path:	4104	1		3	2	15	0	2234	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	4788	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0003-737d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): dAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQY ScriptBlock ID: 7cfdda00-5af1-40f5-9784-6aece9635bbe Path:	4104	1		3	2	15	0	2233	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	4788	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0003-737d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): HdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVs ScriptBlock ID: 7cfdda00-5af1-40f5-9784-6aece9635bbe Path:	4104	1		3	2	15	0	2232	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	4788	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0003-737d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): ZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsI ScriptBlock ID: 7cfdda00-5af1-40f5-9784-6aece9635bbe Path:	4104	1		3	2	15	0	2231	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	4788	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0003-737d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGlu ScriptBlock ID: 7cfdda00-5af1-40f5-9784-6aece9635bbe Path:	4104	1		3	2	15	0	2230	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	4788	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0003-737d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2229	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	2924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0005-db5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1500 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2228	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	1144	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0005-db5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2227	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1500	2924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:24 PM	839e3e65-ff4b-0005-db5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2226	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	2952	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:22 PM	839e3e65-ff4b-0005-d85e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4804 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2225	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	96	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:21 PM	839e3e65-ff4b-0005-d85e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2224	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	2952	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:21 PM	839e3e65-ff4b-0005-d85e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2223	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2892	1548	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:21 PM	839e3e65-ff4b-0005-d75e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2892 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2222	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2892	2468	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:21 PM	839e3e65-ff4b-0005-d75e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2221	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2892	1548	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:21 PM	839e3e65-ff4b-0005-d75e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 82409f2b-e165-4b6c-a215-80eae882bea2 Path:	4104	1		3	2	15	0	2220	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	4432	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:21 PM	839e3e65-ff4b-0005-b45e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: a3a753f8-8ecc-4330-9d43-d395f9533775 Path:	4104	1		3	2	15	0	2219	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	5020	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:21 PM	839e3e65-ff4b-0005-b35e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 04d0ee86-be03-46f8-a55e-1c4c03514029 Path:	4104	1		3	2	15	0	2218	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	5020	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:21 PM	839e3e65-ff4b-0005-ae5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641069138.17-128068979720311\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\collect-event-log.ps1", "checksum": "f0e4c7145db8c7eba44bc8a5b81542c17749bbda", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "collect-event-log.ps1", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641069138.17-128068979720311'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: ebcaccd8-e962-4da6-bc44-ee0f98f9fa72 Path:	4104	1		3	2	15	0	2217	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	5020	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a85e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGly ScriptBlock ID: ebcaccd8-e962-4da6-bc44-ee0f98f9fa72 Path:	4104	1		3	2	15	0	2216	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	5020	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a85e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): lUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX ScriptBlock ID: ebcaccd8-e962-4da6-bc44-ee0f98f9fa72 Path:	4104	1		3	2	15	0	2215	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	5020	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a85e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmx ScriptBlock ID: ebcaccd8-e962-4da6-bc44-ee0f98f9fa72 Path:	4104	1		3	2	15	0	2214	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	5020	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a85e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2213	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	4076	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a65e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2968 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2212	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	220	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a65e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2211	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2968	4076	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a65e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1641069138.17-128068979720311\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: bcee1ee6-eaeb-4b78-b184-4f346bda57cc Path:	4104	1		3	2	15	0	2210	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3480	1796	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0003-567d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2209	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3480	3832	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a35e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3480 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2208	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3480	4172	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a35e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2207	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3480	3832	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:20 PM	839e3e65-ff4b-0005-a35e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: bc7a2648-d38c-4eb1-b0a4-d6f884fdebe9 Path:	4104	1		3	2	15	0	2206	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0001-164f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 73145a9d-9269-4d1c-bad0-203d98f6fe51 Path:	4104	1		3	2	15	0	2205	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0002-f7e7-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { ScriptBlock ID: 73145a9d-9269-4d1c-bad0-203d98f6fe51 Path:	4104	1		3	2	15	0	2204	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0002-f7e7-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 40ad81a7-a53e-498d-9c40-3861c8cbdc29 Path:	4104	1		3	2	15	0	2203	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0001-124f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: ed62b3be-0770-4624-a6d7-168ff7758932 Path:	4104	1		3	2	15	0	2202	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0001-074f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\collect-event-log.ps1", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641069138.17-128068979720311'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f1d0f94f-9449-4622-a8e9-09274a31b8a4 Path:	4104	1		3	2	15	0	2201	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0001-014f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): pbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4 ScriptBlock ID: f1d0f94f-9449-4622-a8e9-09274a31b8a4 Path:	4104	1		3	2	15	0	2200	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0001-014f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): GFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGF ScriptBlock ID: f1d0f94f-9449-4622-a8e9-09274a31b8a4 Path:	4104	1		3	2	15	0	2199	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0001-014f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): khhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwga ScriptBlock ID: f1d0f94f-9449-4622-a8e9-09274a31b8a4 Path:	4104	1		3	2	15	0	2198	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0001-014f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): WxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzL ScriptBlock ID: f1d0f94f-9449-4622-a8e9-09274a31b8a4 Path:	4104	1		3	2	15	0	2197	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0001-014f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZha ScriptBlock ID: f1d0f94f-9449-4622-a8e9-09274a31b8a4 Path:	4104	1		3	2	15	0	2196	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0001-014f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2195	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	1184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:19 PM	839e3e65-ff4b-0005-985e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3784 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2194	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	884	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:18 PM	839e3e65-ff4b-0005-985e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2193	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3784	1184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:18 PM	839e3e65-ff4b-0005-985e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2192	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:18 PM	839e3e65-ff4b-0005-8a5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1968 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2191	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	3628	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:18 PM	839e3e65-ff4b-0005-8a5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2190	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:18 PM	839e3e65-ff4b-0005-8a5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2189	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1212	4936	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:18 PM	839e3e65-ff4b-0005-895e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1212 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2188	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1212	4220	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:18 PM	839e3e65-ff4b-0005-895e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2187	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1212	4936	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:18 PM	839e3e65-ff4b-0005-895e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2186	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3856	2212	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:17 PM	839e3e65-ff4b-0005-805e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3856 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2185	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3856	1260	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:17 PM	839e3e65-ff4b-0005-805e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2184	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3856	2212	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:17 PM	839e3e65-ff4b-0005-805e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2183	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4380	1268	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:17 PM	839e3e65-ff4b-0005-7f5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4380 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2182	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4380	4684	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:17 PM	839e3e65-ff4b-0005-7f5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2181	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4380	1268	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:17 PM	839e3e65-ff4b-0005-7f5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 68df31e1-74e7-4f8c-8bbb-1000530501e1 Path:	4104	1		3	2	15	0	2180	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	4928	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:17 PM	839e3e65-ff4b-0002-c9e7-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: a71b170c-d6c3-4142-baf7-876c2005d4e8 Path:	4104	1		3	2	15	0	2179	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	3188	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:17 PM	839e3e65-ff4b-0005-785e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: e84212e9-29bc-4805-9a90-cec3674f43a9 Path:	4104	1		3	2	15	0	2178	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	3188	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-695e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641069134.02-204914885501243\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogjs.txt", "checksum": "3d83b7bd9b4b6f109f75affd8ae845d7acd9808d", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogjs.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641069134.02-204914885501243'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6b18b3e9-dfff-448e-b7a8-92eed62d88ae Path:	4104	1		3	2	15	0	2177	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	3188	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-635e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): GVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9 ScriptBlock ID: 6b18b3e9-dfff-448e-b7a8-92eed62d88ae Path:	4104	1		3	2	15	0	2176	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	3188	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-635e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): 0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZ ScriptBlock ID: 6b18b3e9-dfff-448e-b7a8-92eed62d88ae Path:	4104	1		3	2	15	0	2175	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	3188	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-635e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB ScriptBlock ID: 6b18b3e9-dfff-448e-b7a8-92eed62d88ae Path:	4104	1		3	2	15	0	2174	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	3188	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-635e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2173	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	3484	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-615e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 776 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2172	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	4768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-615e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2171	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	776	3484	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-615e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1641069134.02-204914885501243\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: a2f677a8-cb94-4d3b-9f98-fccb2d7c5eb8 Path:	4104	1		3	2	15	0	2170	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2228	536	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0003-2f7d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2169	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2228	2184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-605e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2228 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2168	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2228	5068	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:16 PM	839e3e65-ff4b-0005-605e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2167	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2228	2184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0005-605e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1c340283-eb73-4e46-99f1-eeb7d273975c Path:	4104	1		3	2	15	0	2166	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-d64e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): mote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: a2b665bb-266a-4790-bea7-9c1328cfcb10 Path:	4104	1		3	2	15	0	2165	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-d24e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($re ScriptBlock ID: a2b665bb-266a-4790-bea7-9c1328cfcb10 Path:	4104	1		3	2	15	0	2164	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-d24e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1222bcd4-75e9-43ea-b345-c3db468f9ea9 Path:	4104	1		3	2	15	0	2163	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-ce4e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: cf66fa28-59f8-42da-b388-dfb651239d8b Path:	4104	1		3	2	15	0	2162	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-bf4e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 7): 5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogjs.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641069134.02-204914885501243'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1e4e0d18-e8f7-49e9-a642-f10a4f828ea3 Path:	4104	1		3	2	15	0	2161	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-b94e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 7): lbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW ScriptBlock ID: 1e4e0d18-e8f7-49e9-a642-f10a4f828ea3 Path:	4104	1		3	2	15	0	2160	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-b94e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 7): XRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGR ScriptBlock ID: 1e4e0d18-e8f7-49e9-a642-f10a4f828ea3 Path:	4104	1		3	2	15	0	2159	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-b94e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 7): 2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0d ScriptBlock ID: 1e4e0d18-e8f7-49e9-a642-f10a4f828ea3 Path:	4104	1		3	2	15	0	2158	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-b94e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 7): Wdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU ScriptBlock ID: 1e4e0d18-e8f7-49e9-a642-f10a4f828ea3 Path:	4104	1		3	2	15	0	2157	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-b94e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 7): CAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZ ScriptBlock ID: 1e4e0d18-e8f7-49e9-a642-f10a4f828ea3 Path:	4104	1		3	2	15	0	2156	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-b94e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 7): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogI ScriptBlock ID: 1e4e0d18-e8f7-49e9-a642-f10a4f828ea3 Path:	4104	1		3	2	15	0	2155	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:15 PM	839e3e65-ff4b-0001-b94e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2154	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	4812	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:14 PM	839e3e65-ff4b-0005-555e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4216 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2153	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	4244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:14 PM	839e3e65-ff4b-0005-555e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2152	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	4812	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:14 PM	839e3e65-ff4b-0005-555e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2151	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4872	4344	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:14 PM	839e3e65-ff4b-0005-495e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4872 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2150	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4872	1132	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:14 PM	839e3e65-ff4b-0005-495e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2149	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4872	4344	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:14 PM	839e3e65-ff4b-0005-495e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2148	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	704	5012	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:14 PM	839e3e65-ff4b-0005-455e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 704 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2147	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	704	4456	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:14 PM	839e3e65-ff4b-0005-455e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2146	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	704	5012	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:14 PM	839e3e65-ff4b-0005-455e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2145	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	4192	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:13 PM	839e3e65-ff4b-0005-405e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2008 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2144	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	1144	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:13 PM	839e3e65-ff4b-0005-405e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2143	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	4192	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:13 PM	839e3e65-ff4b-0005-405e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2142	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4320	2260	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:13 PM	839e3e65-ff4b-0005-3f5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4320 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2141	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4320	1140	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:13 PM	839e3e65-ff4b-0005-3f5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2140	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4320	2260	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:13 PM	839e3e65-ff4b-0005-3f5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: ae02f84d-85af-4fce-9ca1-161b4d068ea9 Path:	4104	1		3	2	15	0	2139	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	3852	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:13 PM	839e3e65-ff4b-0005-1d5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 0110606b-043c-4bae-b26f-1d82f3c4d7a1 Path:	4104	1		3	2	15	0	2138	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	5028	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:13 PM	839e3e65-ff4b-0005-1c5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 2df577ad-71f7-49d8-a44f-4e504a841cd7 Path:	4104	1		3	2	15	0	2137	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	5028	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:12 PM	839e3e65-ff4b-0005-175e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641069129.79-248417062417679\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogcss.txt", "checksum": "d051fdb120afddc6f99086f6b8b905bce125cb45", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogcss.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641069129.79-248417062417679'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 3ec13038-5039-46ff-bde8-92d4490a17cb Path:	4104	1		3	2	15	0	2136	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	5028	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:12 PM	839e3e65-ff4b-0005-115e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBk ScriptBlock ID: 3ec13038-5039-46ff-bde8-92d4490a17cb Path:	4104	1		3	2	15	0	2135	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	5028	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:12 PM	839e3e65-ff4b-0005-115e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): gICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb ScriptBlock ID: 3ec13038-5039-46ff-bde8-92d4490a17cb Path:	4104	1		3	2	15	0	2134	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	5028	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:12 PM	839e3e65-ff4b-0005-115e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewo ScriptBlock ID: 3ec13038-5039-46ff-bde8-92d4490a17cb Path:	4104	1		3	2	15	0	2133	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	5028	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:12 PM	839e3e65-ff4b-0005-115e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2132	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	4440	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:12 PM	839e3e65-ff4b-0005-0f5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4708 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2131	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	1576	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:12 PM	839e3e65-ff4b-0005-0f5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2130	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4708	4440	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:12 PM	839e3e65-ff4b-0005-0f5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1641069129.79-248417062417679\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: f3393618-a3c8-4f49-ac4c-5058d2ff1052 Path:	4104	1		3	2	15	0	2129	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2688	4420	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:12 PM	839e3e65-ff4b-0003-097d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2128	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2688	5076	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:11 PM	839e3e65-ff4b-0005-0c5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2688 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2127	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2688	4800	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:11 PM	839e3e65-ff4b-0005-0c5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2126	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2688	5076	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:11 PM	839e3e65-ff4b-0005-0c5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ac3264e2-c151-4755-87c6-c11a8406d8ad Path:	4104	1		3	2	15	0	2125	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:11 PM	839e3e65-ff4b-0001-964e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: bb39134e-770e-4754-9a26-7d4e85d98f80 Path:	4104	1		3	2	15	0	2124	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:11 PM	839e3e65-ff4b-0004-4152-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStat ScriptBlock ID: bb39134e-770e-4754-9a26-7d4e85d98f80 Path:	4104	1		3	2	15	0	2123	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:11 PM	839e3e65-ff4b-0004-4152-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ff71b000-22e1-4d79-914b-db9cadf37218 Path:	4104	1		3	2	15	0	2122	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:11 PM	839e3e65-ff4b-0002-8be7-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 93dd1d4d-7d7a-49a9-b687-a111304e55b2 Path:	4104	1		3	2	15	0	2121	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:11 PM	839e3e65-ff4b-0001-874e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 8): EvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogcss.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641069129.79-248417062417679'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: a8338fdd-6f7a-4293-b5aa-43855f187905 Path:	4104	1		3	2	15	0	2120	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0001-814e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 8): taXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMD ScriptBlock ID: a8338fdd-6f7a-4293-b5aa-43855f187905 Path:	4104	1		3	2	15	0	2119	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0001-814e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 8): CwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSA ScriptBlock ID: a8338fdd-6f7a-4293-b5aa-43855f187905 Path:	4104	1		3	2	15	0	2118	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0001-814e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 8): CA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0a ScriptBlock ID: a8338fdd-6f7a-4293-b5aa-43855f187905 Path:	4104	1		3	2	15	0	2117	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0001-814e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 8): Ch7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0a ScriptBlock ID: a8338fdd-6f7a-4293-b5aa-43855f187905 Path:	4104	1		3	2	15	0	2116	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0001-814e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 8): CAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9I ScriptBlock ID: a8338fdd-6f7a-4293-b5aa-43855f187905 Path:	4104	1		3	2	15	0	2115	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0001-814e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 8): GlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKI ScriptBlock ID: a8338fdd-6f7a-4293-b5aa-43855f187905 Path:	4104	1		3	2	15	0	2114	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0001-814e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 8): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljd ScriptBlock ID: a8338fdd-6f7a-4293-b5aa-43855f187905 Path:	4104	1		3	2	15	0	2113	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1272	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0001-814e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2112	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	4168	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0005-035e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3752 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2111	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	4140	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0005-035e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2110	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	4168	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0005-035e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2109	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3844	1600	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0005-f65d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3844 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2108	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3844	2100	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0005-f65d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2107	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3844	1600	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0005-f65d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2106	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	3500	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0005-f55d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1356 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2105	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	3152	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:10 PM	839e3e65-ff4b-0005-f55d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2104	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	3500	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:09 PM	839e3e65-ff4b-0005-f55d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 738fd238-8a12-49e5-a570-304379cd6f34 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 57ad106f-708b-4635-bc43-f549c455487a Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	2103	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	4224	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:05 PM	839e3e65-ff4b-0005-b45d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: 479072b2-4d76-4ce3-aea9-831df06bd072 Path:	4104	1		3	2	15	0	2102	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	4224	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:05 PM	839e3e65-ff4b-0005-ae5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 738fd238-8a12-49e5-a570-304379cd6f34 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 57ad106f-708b-4635-bc43-f549c455487a Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	2101	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	4224	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:05 PM	839e3e65-ff4b-0005-a75d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: ea26e941-328c-48c4-9204-49eabb969983 Path:	4104	1		3	2	15	0	2100	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	4224	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:03 PM	839e3e65-ff4b-0000-5d54-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e72c140f-625c-483c-9cc5-583dcb889888 Path:	4104	1		3	2	15	0	2099	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	884	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:03 PM	839e3e65-ff4b-0000-5054-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: cc7edb50-82a0-4e9d-a3ec-0511f0aa8466 Path:	4104	1		3	2	15	0	2098	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	884	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:02 PM	839e3e65-ff4b-0000-4b54-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): /sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 7b6a25fc-c4e2-4bf6-b9ef-260dcea76f27 Path:	4104	1		3	2	15	0	2097	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	884	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:02 PM	839e3e65-ff4b-0005-5d5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): U09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin ScriptBlock ID: 7b6a25fc-c4e2-4bf6-b9ef-260dcea76f27 Path:	4104	1		3	2	15	0	2096	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	884	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:02 PM	839e3e65-ff4b-0005-5d5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): mUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBK ScriptBlock ID: 7b6a25fc-c4e2-4bf6-b9ef-260dcea76f27 Path:	4104	1		3	2	15	0	2095	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	884	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:02 PM	839e3e65-ff4b-0005-5d5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): pIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlc ScriptBlock ID: 7b6a25fc-c4e2-4bf6-b9ef-260dcea76f27 Path:	4104	1		3	2	15	0	2094	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	884	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:02 PM	839e3e65-ff4b-0005-5d5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXM ScriptBlock ID: 7b6a25fc-c4e2-4bf6-b9ef-260dcea76f27 Path:	4104	1		3	2	15	0	2093	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	884	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:02 PM	839e3e65-ff4b-0005-5d5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2092	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	1732	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:02 PM	839e3e65-ff4b-0005-5b5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3104 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2091	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	1656	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:02 PM	839e3e65-ff4b-0005-5b5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2090	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	1732	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:32:02 PM	839e3e65-ff4b-0005-5b5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetGPO' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Open-NetGPO { [CmdletBinding(PositionalBinding=$false)] [OutputType([System.String])] param( [Parameter(ParameterSetName='Open0', Mandatory=$true, Position=0)] [string] ${PolicyStore}, [Parameter(ParameterSetName='Open0')] [string] ${DomainController}, [Parameter(ParameterSetName='Open0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Open0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Open0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DomainController')) { [object]$__cmdletization_value = ${DomainController} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainController'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainController'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GPOSession'; ParameterType = 'System.String'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Open', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetGPO.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Open-NetGPO' -Alias '*' function Save-NetGPO { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Save1', Mandatory=$true, Position=0)] [string] ${GPOSession}, [Parameter(ParameterSetName='Save1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Save1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Save1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Save', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetGPO.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Save-NetGPO' -Alias '*' ScriptBlock ID: 6859873a-be09-4ed1-b921-0b23c66b6186 Path:	4104	1		3	2	15	0	2089	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-1752-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableStatefulPptp')) { [object]$__cmdletization_value = ${EnableStatefulPptp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulPptp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulPptp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachineTransportAuthorizationList')) { [object]$__cmdletization_value = ${RemoteMachineTransportAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachineTunnelAuthorizationList')) { [object]$__cmdletization_value = ${RemoteMachineTunnelAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUserTransportAuthorizationList')) { [object]$__cmdletization_value = ${RemoteUserTransportAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUserTunnelAuthorizationList')) { [object]$__cmdletization_value = ${RemoteUserTunnelAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RequireFullAuthSupport')) { [object]$__cmdletization_value = ${RequireFullAuthSupport} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireFullAuthSupport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireFullAuthSupport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CertValidationLevel')) { [object]$__cmdletization_value = ${CertValidationLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CertValidationLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.CRLCheck'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CertValidationLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.CRLCheck'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowIPsecThroughNAT')) { [object]$__cmdletization_value = ${AllowIPsecThroughNAT} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowIPsecThroughNAT'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecThroughNAT'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowIPsecThroughNAT'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecThroughNAT'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSAIdleTimeSeconds')) { [object]$__cmdletization_value = ${MaxSAIdleTimeSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSAIdleTimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSAIdleTimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('KeyEncoding')) { [object]$__cmdletization_value = ${KeyEncoding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyEncoding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyEncoding'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyEncoding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyEncoding'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnablePacketQueuing')) { [object]$__cmdletization_value = ${EnablePacketQueuing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnablePacketQueuing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PacketQueuing'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnablePacketQueuing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PacketQueuing'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallSetting' -Alias '*' ScriptBlock ID: 2a12c536-33d9-47be-81a0-706fc6e683ae Path:	4104	1		3	2	15	0	2088	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-1352-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetSecuritySettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallSetting { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetSecuritySettingData')] param( [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallSetting' -Alias '*' function Set-NetFirewallSetting { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetSecuritySettingData')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetSecuritySettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.TrafficExemption] ${Exemptions}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${EnableStatefulFtp}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${EnableStatefulPptp}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachineTransportAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachineTunnelAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUserTransportAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUserTunnelAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${RequireFullAuthSupport}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.CRLCheck] ${CertValidationLevel}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecThroughNAT] ${AllowIPsecThroughNAT}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxSAIdleTimeSeconds}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyEncoding] ${KeyEncoding}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PacketQueuing] ${EnablePacketQueuing}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Exemptions')) { [object]$__cmdletization_value = ${Exemptions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Exemptions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.TrafficExemption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Exemptions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.TrafficExemption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableStatefulFtp')) { [object]$__cmdletization_value = ${EnableStatefulFtp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulFtp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulFtp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__ ScriptBlock ID: 2a12c536-33d9-47be-81a0-706fc6e683ae Path:	4104	1		3	2	15	0	2087	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-1352-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetQuickModeSA' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPsecQuickModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeSA') -and (@('ByAssociatedNetIPsecMainModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeSA}, 'MSFT_NetSAAssociation', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecQuickModeSA' -Alias '*' function Remove-NetIPsecQuickModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetQuickModeSA')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeSA') -and (@('ByAssociatedNetIPsecMainModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeSA}, 'MSFT_NetSAAssociation', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAssociatedNetIPsecMainModeSA', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecQuickModeSA' -Alias '*' ScriptBlock ID: a5dae1da-dff9-473d-9b75-6e62acc4b895 Path:	4104	1		3	2	15	0	2086	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-0f52-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetMainModeSA' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPsecMainModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeSA') -and (@('ByAssociatedNetIPsecQuickModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeSA}, 'MSFT_NetSAAssociation', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecMainModeSA' -Alias '*' function Remove-NetIPsecMainModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeSA')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeSA') -and (@('ByAssociatedNetIPsecQuickModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeSA}, 'MSFT_NetSAAssociation', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAssociatedNetIPsecQuickModeSA', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecMainModeSA' -Alias '*' ScriptBlock ID: e950fa94-9910-4853-976b-a40bc798ed8f Path:	4104	1		3	2	15	0	2085	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-0b52-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIPsecIdentity' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } ScriptBlock ID: ed48a876-8a80-474f-a561-cb8a979025d0 Path:	4104	1		3	2	15	0	2084	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-0952-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateV6Address')) { [object]$__cmdletization_value = ${PrivateV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecDospSetting' -Alias '*' function Remove-NetIPsecDospSetting { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPsecDoSPSetting')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPsecDoSPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('ElementName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecDospSetting' -Alias '*' ScriptBlock ID: 6bd371ef-0629-4ea8-8fad-538d9a8a1cc0 Path:	4104	1		3	2	15	0	2083	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-0352-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): ('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('StateIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${StateIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerIPRateLimitQueueIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${PerIPRateLimitQueueIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthPerIPRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecAuthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecAuthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6Dscp')) { [object]$__cmdletization_value = ${IcmpV6Dscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6RateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IcmpV6RateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptDscp')) { [object]$__cmdletization_value = ${IpV6FilterExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6FilterExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptDscp')) { [object]$__cmdletization_value = ${DefBlockExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${DefBlockExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxStateEntries')) { [object]$__cmdletization_value = ${MaxStateEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxPerIPRateLimitQueues')) { [object]$__cmdletization_value = ${MaxPerIPRateLimitQueues} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnabledKeyingModules')) { [object]$__cmdletization_value = ${EnabledKeyingModules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('FilteringFlags')) { [object]$__cmdletization_value = ${FilteringFlags} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicInterfaceAliases')) { [object]$__cmdletization_value = ${PublicInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateInterfaceAliases')) { [object]$__cmdletization_value = ${PrivateInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicV6Address')) { [object]$__cmdletization_value = ${PublicV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'P ScriptBlock ID: 6bd371ef-0629-4ea8-8fad-538d9a8a1cc0 Path:	4104	1		3	2	15	0	2082	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-0352-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): __cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxStateEntries')) { [object]$__cmdletization_value = ${MaxStateEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxPerIPRateLimitQueues')) { [object]$__cmdletization_value = ${MaxPerIPRateLimitQueues} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnabledKeyingModules')) { [object]$__cmdletization_value = ${EnabledKeyingModules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('FilteringFlags')) { [object]$__cmdletization_value = ${FilteringFlags} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicInterfaceAliases')) { [object]$__cmdletization_value = ${PublicInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateInterfaceAliases')) { [object]$__cmdletization_value = ${PrivateInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicV6Address')) { [object]$__cmdletization_value = ${PublicV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateV6Address')) { [object]$__cmdletization_value = ${PrivateV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecDospSetting' -Alias '*' function Get-NetIPsecDospSetting { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPsecDoSPSetting')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('ElementName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecDospSetting' -Alias '*' function Set-NetIPsecDospSetting { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPsecDoSPSetting')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPsecDoSPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${StateIdleTimeoutSeconds}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${PerIPRateLimitQueueIdleTimeoutSeconds}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecUnauthDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecUnauthRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${IpV6IPsecAuthDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecAuthRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${IcmpV6Dscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IcmpV6RateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6FilterExemptDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6FilterExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DefBlockExemptDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DefBlockExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxStateEntries}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxPerIPRateLimitQueues}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules] ${EnabledKeyingModules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags] ${FilteringFlags}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${PublicInterfaceAliases}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${PrivateInterfaceAliases}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${PublicV6Address}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${PrivateV6Address}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('ElementName', $__cmdletization_values, $true, 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @ ScriptBlock ID: 6bd371ef-0629-4ea8-8fad-538d9a8a1cc0 Path:	4104	1		3	2	15	0	2081	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-0352-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIPsecDoSPSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecDospSetting { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${StateIdleTimeoutSeconds}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${PerIPRateLimitQueueIdleTimeoutSeconds}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecUnauthDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecUnauthRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${IpV6IPsecAuthDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecAuthRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${IcmpV6Dscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IcmpV6RateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6FilterExemptDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6FilterExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${DefBlockExemptDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${DefBlockExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxStateEntries}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxPerIPRateLimitQueues}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules] ${EnabledKeyingModules}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags] ${FilteringFlags}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [WildcardPattern[]] ${PublicInterfaceAliases}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [WildcardPattern[]] ${PrivateInterfaceAliases}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PublicV6Address}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PrivateV6Address}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('StateIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${StateIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerIPRateLimitQueueIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${PerIPRateLimitQueueIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthPerIPRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecAuthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecAuthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6Dscp')) { [object]$__cmdletization_value = ${IcmpV6Dscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6RateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IcmpV6RateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptDscp')) { [object]$__cmdletization_value = ${IpV6FilterExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6FilterExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptDscp')) { [object]$__cmdletization_value = ${DefBlockExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${DefBlockExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $ ScriptBlock ID: 6bd371ef-0629-4ea8-8fad-538d9a8a1cc0 Path:	4104	1		3	2	15	0	2080	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-0352-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetSecDeltaCollection' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } ScriptBlock ID: 8da1ede7-91a3-4ab7-860e-01b3dc62dce6 Path:	4104	1		3	2	15	0	2079	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-0152-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): oolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableStealthModeForIPsec')) { [object]$__cmdletization_value = ${EnableStealthModeForIPsec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStealthModeForIPsec'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStealthModeForIPsec'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogFileName')) { [object]$__cmdletization_value = ${LogFileName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogFileName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogFileName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogMaxSizeKilobytes')) { [object]$__cmdletization_value = ${LogMaxSizeKilobytes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogMaxSizeKilobytes'; ParameterType = 'System.UInt64'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogMaxSizeKilobytes'; ParameterType = 'System.UInt64'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogAllowed')) { [object]$__cmdletization_value = ${LogAllowed} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogAllowed'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogAllowed'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogBlocked')) { [object]$__cmdletization_value = ${LogBlocked} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogBlocked'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogBlocked'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogIgnored')) { [object]$__cmdletization_value = ${LogIgnored} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogIgnored'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogIgnored'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisabledInterfaceAliases')) { [object]$__cmdletization_value = ${DisabledInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisabledInterfaceAliases'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisabledInterfaceAliases'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallProfile.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallProfile' -Alias '*' ScriptBlock ID: 1e5e7bbc-7a3e-48e7-a5ea-6a39720e5349 Path:	4104	1		3	2	15	0	2078	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-fd51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): e='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${LogIgnored}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${DisabledInterfaceAliases}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultInboundAction')) { [object]$__cmdletization_value = ${DefaultInboundAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultInboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultInboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultOutboundAction')) { [object]$__cmdletization_value = ${DefaultOutboundAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultOutboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultOutboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowInboundRules')) { [object]$__cmdletization_value = ${AllowInboundRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowInboundRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowInboundRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowLocalFirewallRules')) { [object]$__cmdletization_value = ${AllowLocalFirewallRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalFirewallRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalFirewallRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowLocalIPsecRules')) { [object]$__cmdletization_value = ${AllowLocalIPsecRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalIPsecRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalIPsecRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowUserApps')) { [object]$__cmdletization_value = ${AllowUserApps} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserApps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserApps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowUserPorts')) { [object]$__cmdletization_value = ${AllowUserPorts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserPorts'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserPorts'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowUnicastResponseToMulticast')) { [object]$__cmdletization_value = ${AllowUnicastResponseToMulticast} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUnicastResponseToMulticast'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUnicastResponseToMulticast'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NotifyOnListen')) { [object]$__cmdletization_value = ${NotifyOnListen} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NotifyOnListen'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NotifyOnListen'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoB ScriptBlock ID: 1e5e7bbc-7a3e-48e7-a5ea-6a39720e5349 Path:	4104	1		3	2	15	0	2077	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-fd51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetFirewallProfile' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallProfile { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('Profile')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleInProfile', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleInProfile', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleInProfile', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallProfile.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallProfile' -Alias '*' function Set-NetFirewallProfile { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('Profile')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${DefaultInboundAction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${DefaultOutboundAction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowInboundRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowLocalFirewallRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowLocalIPsecRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowUserApps}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowUserPorts}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowUnicastResponseToMulticast}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${NotifyOnListen}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${EnableStealthModeForIPsec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LogFileName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint64] ${LogMaxSizeKilobytes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${LogAllowed}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${LogBlocked}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetNam ScriptBlock ID: 1e5e7bbc-7a3e-48e7-a5ea-6a39720e5349 Path:	4104	1		3	2	15	0	2076	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-fd51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): ) -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecQuickModeCryptoSet' -Alias '*' ScriptBlock ID: f87a56bc-1c89-4310-8077-ca3adb6b4180 Path:	4104	1		3	2	15	0	2075	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-f551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): hrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecQuickModeCryptoSet' -Alias '*' function Copy-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll' ScriptBlock ID: f87a56bc-1c89-4310-8077-ca3adb6b4180 Path:	4104	1		3	2	15	0	2074	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-f551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): ptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecQuickModeCryptoSet' -Alias '*' function Rename-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenT ScriptBlock ID: f87a56bc-1c89-4310-8077-ca3adb6b4180 Path:	4104	1		3	2	15	0	2073	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-f551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecQuickModeCryptoSet' -Alias '*' function Set-NetIPsecQuickModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('PfsGroup')] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup')) { [object]$__cmdletization_value = ${PerfectForwardSecrecyGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecQuickModeCryptoSet' -Alias '*' function Remove-NetIPsecQuickModeCry ScriptBlock ID: f87a56bc-1c89-4310-8077-ca3adb6b4180 Path:	4104	1		3	2	15	0	2072	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-f551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEQMCryptoSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecQuickModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('PfsGroup')] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup')) { [object]$__cmdletization_value = ${PerfectForwardSecrecyGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecQuickModeCryptoSet' -Alias '*' function Get-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { ScriptBlock ID: f87a56bc-1c89-4310-8077-ca3adb6b4180 Path:	4104	1		3	2	15	0	2071	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-f551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 7): try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecMainModeCryptoSet' -Alias '*' ScriptBlock ID: f78040fd-16f2-49c3-a855-439e1394a827 Path:	4104	1		3	2	15	0	2070	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-ed51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 7): eSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecMainModeCryptoSet' -Alias '*' function Copy-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false ScriptBlock ID: f78040fd-16f2-49c3-a855-439e1394a827 Path:	4104	1		3	2	15	0	2069	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-ed51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 7): values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecMainModeCryptoSet' -Alias '*' function Rename-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetim ScriptBlock ID: f78040fd-16f2-49c3-a855-439e1394a827 Path:	4104	1		3	2	15	0	2068	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-ed51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 7): eIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSessions')) { [object]$__cmdletization_value = ${MaxSessions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceDiffieHellman')) { [object]$__cmdletization_value = ${ForceDiffieHellman} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecMainModeCryptoSet' -Alias '*' function Remove-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_ ScriptBlock ID: f78040fd-16f2-49c3-a855-439e1394a827 Path:	4104	1		3	2	15	0	2067	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-ed51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 7): le', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecMainModeCryptoSet' -Alias '*' function Set-NetIPsecMainModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxMinutes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxSessions}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxMinutes')) { [object]$__cmdletization_value = ${MaxMinutes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValu ScriptBlock ID: f78040fd-16f2-49c3-a855-439e1394a827 Path:	4104	1		3	2	15	0	2066	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-ed51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 7): {ForceDiffieHellman} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecMainModeCryptoSet' -Alias '*' function Get-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRu ScriptBlock ID: f78040fd-16f2-49c3-a855-439e1394a827 Path:	4104	1		3	2	15	0	2065	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-ed51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 7): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEMMCryptoSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecMainModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxMinutes}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxSessions}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${ForceDiffieHellman}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxMinutes')) { [object]$__cmdletization_value = ${MaxMinutes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSessions')) { [object]$__cmdletization_value = ${MaxSessions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceDiffieHellman')) { [object]$__cmdletization_value = $ ScriptBlock ID: f78040fd-16f2-49c3-a855-439e1394a827 Path:	4104	1		3	2	15	0	2064	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:52 PM	839e3e65-ff4b-0004-ed51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ngs = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecPhase2AuthSet' -Alias '*' function Copy-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecPhase2AuthSet' -Alias '*' ScriptBlock ID: d3bcade1-fd99-43f5-9d1b-8ca76cbbd860 Path:	4104	1		3	2	15	0	2063	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-e551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecPhase2AuthSet' -Alias '*' function Rename-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindi ScriptBlock ID: d3bcade1-fd99-43f5-9d1b-8ca76cbbd860 Path:	4104	1		3	2	15	0	2062	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-e551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ion_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecPhase2AuthSet' -Alias '*' function Set-NetIPsecPhase2AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecPhase2AuthSet' -Alias '*' function Remove-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] ScriptBlock ID: d3bcade1-fd99-43f5-9d1b-8ca76cbbd860 Path:	4104	1		3	2	15	0	2061	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-e551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEP2AuthSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecPhase2AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecPhase2AuthSet' -Alias '*' function Get-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletizat ScriptBlock ID: d3bcade1-fd99-43f5-9d1b-8ca76cbbd860 Path:	4104	1		3	2	15	0	2060	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-e551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): sBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecPhase1AuthSet' -Alias '*' ScriptBlock ID: 01585ed8-0704-4b3c-85b0-edb72dcfcecc Path:	4104	1		3	2	15	0	2059	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-dd51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): y', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecPhase1AuthSet' -Alias '*' function Copy-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHa ScriptBlock ID: 01585ed8-0704-4b3c-85b0-edb72dcfcecc Path:	4104	1		3	2	15	0	2058	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-dd51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): SetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecPhase1AuthSet' -Alias '*' function Rename-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuer ScriptBlock ID: 01585ed8-0704-4b3c-85b0-edb72dcfcecc Path:	4104	1		3	2	15	0	2057	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-dd51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): Name )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecPhase1AuthSet' -Alias '*' function Set-NetIPsecPhase1AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecPhase1AuthSet' -Alias '*' function Remove-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(Parameter ScriptBlock ID: 01585ed8-0704-4b3c-85b0-edb72dcfcecc Path:	4104	1		3	2	15	0	2056	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-dd51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEP1AuthSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecPhase1AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecPhase1AuthSet' -Alias '*' function Get-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSet ScriptBlock ID: 01585ed8-0704-4b3c-85b0-edb72dcfcecc Path:	4104	1		3	2	15	0	2055	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-dd51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetServiceFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallServiceFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Service}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Service') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Service}) $__cmdletization_queryBuilder.FilterByProperty('ServiceName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByService', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallServiceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallServiceFilter' -Alias '*' function Set-NetFirewallServiceFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Service}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Service')) { [object]$__cmdletization_value = ${Service} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ServiceName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ServiceName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallServiceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallServiceFilter' -Alias '*' ScriptBlock ID: 2a8d8b54-aa2b-41a6-9bfb-d2d4a50d5792 Path:	4104	1		3	2	15	0	2054	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-d951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetProtocolPortFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallPortFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Protocol}, [Parameter(ParameterSetName='ByQuery')] [Alias('DynamicTransport')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport[]] ${DynamicTarget}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DynamicTarget') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicTarget}) $__cmdletization_queryBuilder.FilterByProperty('DynamicTransport', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallPortFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallPortFilter' -Alias '*' function Set-NetFirewallPortFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Protocol}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${IcmpType}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('DynamicTransport')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport] ${DynamicTarget}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpType')) { [object]$__cmdletization_value = ${IcmpType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicTarget')) { [object]$__cmdletization_value = ${DynamicTarget} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallPortFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallPortFilter' -Alias '*' ScriptBlock ID: 5721d41e-ce35-4ffa-86d7-60beb7ea26a7 Path:	4104	1		3	2	15	0	2053	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-d551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): eter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSecurityFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallSecurityFilter' -Alias '*' ScriptBlock ID: bcc96a21-889b-41cd-a571-cee4991903c0 Path:	4104	1		3	2	15	0	2052	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-d151-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallSecurityFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication[]] ${Authentication}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption[]] ${Encryption}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${OverrideBlockRules}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${LocalUser}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteUser}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteMachine}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Authentication') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Authentication}) $__cmdletization_queryBuilder.FilterByProperty('Authentication', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Encryption') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Encryption}) $__cmdletization_queryBuilder.FilterByProperty('Encryption', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OverrideBlockRules') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OverrideBlockRules}) $__cmdletization_queryBuilder.FilterByProperty('OverrideBlockRules', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalUser') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalUser}) $__cmdletization_queryBuilder.FilterByProperty('LocalUsers', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteUser') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteUser}) $__cmdletization_queryBuilder.FilterByProperty('RemoteUsers', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteMachine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteMachine}) $__cmdletization_queryBuilder.FilterByProperty('RemoteMachines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterBySecurity', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSecurityFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallSecurityFilter' -Alias '*' function Set-NetFirewallSecurityFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication] ${Authentication}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption] ${Encryption}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${OverrideBlockRules}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LocalUser}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUser}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachine}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Authentication')) { [object]$__cmdletization_value = ${Authentication} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Encryption')) { [object]$__cmdletization_value = ${Encryption} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OverrideBlockRules')) { [object]$__cmdletization_value = ${OverrideBlockRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalUser')) { [object]$__cmdletization_value = ${LocalUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUser')) { [object]$__cmdletization_value = ${RemoteUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachine')) { [object]$__cmdletization_value = ${RemoteMachine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParam ScriptBlock ID: bcc96a21-889b-41cd-a571-cee4991903c0 Path:	4104	1		3	2	15	0	2051	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-d151-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetInterfaceTypeFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallInterfaceTypeFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType[]] ${InterfaceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceType}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallInterfaceTypeFilter' -Alias '*' function Set-NetFirewallInterfaceTypeFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallInterfaceTypeFilter' -Alias '*' ScriptBlock ID: 66119486-b55d-4e26-93de-df344db22b1a Path:	4104	1		3	2	15	0	2050	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-cd51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetInterfaceFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallInterfaceFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] param( [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByInterface', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByInterface', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallInterfaceFilter' -Alias '*' function Set-NetFirewallInterfaceFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallInterfaceFilter' -Alias '*' ScriptBlock ID: d1a59e80-64ea-401d-92e3-99b0003d9ebc Path:	4104	1		3	2	15	0	2049	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-c951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetApplicationFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallApplicationFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Program}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Package}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Program') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Program}) $__cmdletization_queryBuilder.FilterByProperty('AppPath', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Package') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Package}) $__cmdletization_queryBuilder.FilterByProperty('Package', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByApplication', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallApplicationFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallApplicationFilter' -Alias '*' function Set-NetFirewallApplicationFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Program}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Package}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Program')) { [object]$__cmdletization_value = ${Program} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AppPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AppPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Package')) { [object]$__cmdletization_value = ${Package} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallApplicationFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallApplicationFilter' -Alias '*' ScriptBlock ID: 7d863387-9432-4633-a72c-d71da76c953b Path:	4104	1		3	2	15	0	2048	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-c551-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetAddressFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallAddressFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] param( [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByAddress', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByAddress', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleFilterByAddress', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallAddressFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallAddressFilter' -Alias '*' function Set-NetFirewallAddressFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('LocalIP')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RemoteIP')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallAddressFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallAddressFilter' -Alias '*' ScriptBlock ID: 21304c81-6d66-4c86-8ce4-3676f241ec7a Path:	4104	1		3	2	15	0	2047	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-c151-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (11 of 11): contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetIPsecMainModeRule' -Alias '*' ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2046	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (10 of 11): [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') - ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2045	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 11): IPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetIPsecMainModeRule' -Alias '*' function Disable-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2044	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 11): if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecMainModeRule' -Alias '*' function Enable-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNet ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2043	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 11): oundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecMainModeRule' -Alias '*' function Copy-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2042	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 11): ardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSB ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2041	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 11): ainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecMainModeRule' -Alias '*' function Rename-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/stand ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2040	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 11): ject]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MainModeCryptoSet')) { [object]$__cmdletization_value = ${MainModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecMainModeRule' -Alias '*' function Remove-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecM ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2039	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 11): rSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecMainModeRule' -Alias '*' function Set-NetIPsecMainModeRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${Platform}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [ob ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2038	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 11): letization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecMainModeRule' -Alias '*' function Get-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.Paramete ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2037	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 11): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetMainModeRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecMainModeRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${Platform}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${MainModeCryptoSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MainModeCryptoSet')) { [object]$__cmdletization_value = ${MainModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmd ScriptBlock ID: e2f8cf75-6d1e-4c05-acb9-703319c9b935 Path:	4104	1		3	2	15	0	2036	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-b751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (25 of 25): )')] [switch] ${PassThru}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Action')) { [object]$__cmdletization_value = ${Action} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.ChangeAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.ChangeAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6Addresses')) { [object]$__cmdletization_value = ${IPv6Addresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4Addresses')) { [object]$__cmdletization_value = ${IPv4Addresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EndpointType')) { [object]$__cmdletization_value = ${EndpointType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Output'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('SetPolicyDelta', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Update-NetIPsecRule' -Alias '*' ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2035	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (24 of 25): ewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Servers')) { [object]$__cmdletization_value = ${Servers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Servers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Servers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Domains')) { [object]$__cmdletization_value = ${Domains} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Domains'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Domains'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EndpointType')) { [object]$__cmdletization_value = ${EndpointType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressType')) { [object]$__cmdletization_value = ${AddressType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.AddressVersion'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.AddressVersion'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Output'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsServers')) { [object]$__cmdletization_value = ${DnsServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('SyncPolicyDelta', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Sync-NetIPsecRule' -Alias '*' function Update-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='Query (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.ChangeAction] ${Action}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [string[]] ${IPv6Addresses}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [string[]] ${IPv4Addresses}, [Parameter(ParameterSetName='Query (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType] ${EndpointType}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2034	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (23 of 25): QuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${DnsServers}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFir ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2033	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (22 of 25): ng[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Servers}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Domains}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType] ${EndpointType}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.AddressVersion] ${AddressType}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsec ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2032	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (21 of 25): Key('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetIPsecRule' -Alias '*' function Sync-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [stri ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2031	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (20 of 25): tNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.Contains ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2030	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (19 of 25): ) } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetIPsecRule' -Alias '*' function Disable-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNo ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2029	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (18 of 25): teNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default' ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2028	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (17 of 25): uickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecRule' -Alias '*' function Enable-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [Valida ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2027	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (16 of 25): erfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQ ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2026	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (15 of 25): arameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInt ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2025	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (14 of 25): .ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecRule' -Alias '*' function Copy-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [P ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2024	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (13 of 25): e#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2023	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (12 of 25): reSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecRule' -Alias '*' function Rename-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstanc ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2022	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (11 of 25): leName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicySto ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2021	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (10 of 25): ng[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecRule' -Alias '*' function Remove-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRu ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2020	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 25): ContainsKey('KeyModule')) { [object]$__cmdletization_value = ${KeyModule} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowWatchKey')) { [object]$__cmdletization_value = ${AllowWatchKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowSetKey')) { [object]$__cmdletization_value = ${AllowSetKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalTunnelEndpoint')) { [object]$__cmdletization_value = ${LocalTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelEndpoint')) { [object]$__cmdletization_value = ${RemoteTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname')) { [object]$__cmdletization_value = ${RemoteTunnelHostname} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForwardPathLifetime')) { [object]$__cmdletization_value = ${ForwardPathLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass')) { [object]$__cmdletization_value = ${EncryptedTunnelBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RequireAuthorization')) { [object]$__cmdletization_value = ${RequireAuthorization} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('User')) { [object]$__cmdletization_value = ${User} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Machine')) { [object]$__cmdletization_value = ${Machine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.Stri ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2019	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 25): $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Mode')) { [object]$__cmdletization_value = ${Mode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InboundSecurity')) { [object]$__cmdletization_value = ${InboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OutboundSecurity')) { [object]$__cmdletization_value = ${OutboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet')) { [object]$__cmdletization_value = ${QuickModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase2AuthSet')) { [object]$__cmdletization_value = ${Phase2AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters. ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2018	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 25): { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${Platform}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode] ${Mode}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('SecIn')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${InboundSecurity}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('SecOut')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${OutboundSecurity}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule] ${KeyModule}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${AllowWatchKey}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${AllowSetKey}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalTunnelEndpoint}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteTunnelEndpoint}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${RequireAuthorization}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${User}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Machine}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Protocol}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2017	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 25): ameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecRule' -Alias '*' function Set-NetIPsecRule ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2016	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 25): mdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Find-NetIPsecRule' -Alias '*' function Get-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundPar ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2015	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 25): $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Dependents'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('EnumerateFull', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Show-NetIPsecRule' -Alias '*' function Find-NetIPsecRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='Find2')] [string] ${LocalAddress}, [Parameter(ParameterSetName='Find2', Mandatory=$true)] [string] ${RemoteAddress}, [Parameter(ParameterSetName='Find2')] [string] ${Protocol}, [Parameter(ParameterSetName='Find2')] [uint16] ${LocalPort}, [Parameter(ParameterSetName='Find2')] [uint16] ${RemotePort}, [Parameter(ParameterSetName='Find2')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Find2')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Find2')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Find', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.c ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2014	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 25): ValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForwardPathLifetime')) { [object]$__cmdletization_value = ${ForwardPathLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass')) { [object]$__cmdletization_value = ${EncryptedTunnelBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RequireAuthorization')) { [object]$__cmdletization_value = ${RequireAuthorization} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('User')) { [object]$__cmdletization_value = ${User} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Machine')) { [object]$__cmdletization_value = ${Machine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecRule' -Alias '*' function Show-NetIPsecRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement')] param( [Parameter(ParameterSetName='EnumerateFull1')] [string] ${PolicyStore}, [Parameter(ParameterSetName='EnumerateFull1')] [string] ${GPOSession}, [Parameter(ParameterSetName='EnumerateFull1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='EnumerateFull1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='EnumerateFull1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2013	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 25): [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Mode')) { [object]$__cmdletization_value = ${Mode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InboundSecurity')) { [object]$__cmdletization_value = ${InboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OutboundSecurity')) { [object]$__cmdletization_value = ${OutboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet')) { [object]$__cmdletization_value = ${QuickModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase2AuthSet')) { [object]$__cmdletization_value = ${Phase2AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('KeyModule')) { [object]$__cmdletization_value = ${KeyModule} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowWatchKey')) { [object]$__cmdletization_value = ${AllowWatchKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowSetKey')) { [object]$__cmdletization_value = ${AllowSetKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalTunnelEndpoint')) { [object]$__cmdletization_value = ${LocalTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelEndpoint')) { [object]$__cmdletization_value = ${RemoteTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname')) { [object]$__cmdletization_value = ${RemoteTunnelHostname} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; Is ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2012	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 25): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetConSecRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0', ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [string] ${IPsecRuleName}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${Platform}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode] ${Mode}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('SecIn')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${InboundSecurity}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('SecOut')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${OutboundSecurity}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Phase2AuthSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule] ${KeyModule}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${AllowWatchKey}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${AllowSetKey}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalTunnelEndpoint}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteTunnelEndpoint}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${ForwardPathLifetime}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${RequireAuthorization}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${User}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Machine}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Protocol}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPsecRuleName')) { [object]$__cmdletization_value = ${IPsecRuleName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = ScriptBlock ID: a266d1c2-9aa6-4acc-bdb9-8a1b09dc4942 Path:	4104	1		3	2	15	0	2011	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0004-a951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (20 of 20): etName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetFirewallRule' -Alias '*' ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2010	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (19 of 20): Name='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterS ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2009	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (18 of 20): rewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetFirewallRule' -Alias '*' function Disable-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSet ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2008	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (17 of 20): ')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFi ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2007	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (16 of 20): PolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetFirewallRule' -Alias '*' function Enable-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2006	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (15 of 20): ilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${Trace ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2005	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (14 of 20): etFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationF ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2004	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (13 of 20): der.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetFirewallRule' -Alias '*' function Copy-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_N ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2003	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (12 of 20): ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuil ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2002	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (11 of 20): cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetFirewallRule' -Alias '*' function Rename-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2001	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (10 of 20): arameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__ ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	2000	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 20): { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Service')) { [object]$__cmdletization_value = ${Service} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Service'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Service'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalUser')) { [object]$__cmdletization_value = ${LocalUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUser')) { [object]$__cmdletization_value = ${RemoteUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachine')) { [object]$__cmdletization_value = ${RemoteMachine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteMachine'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteMachine'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Authentication')) { [object]$__cmdletization_value = ${Authentication} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Encryption')) { [object]$__cmdletization_value = ${Encryption} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OverrideBlockRules')) { [object]$__cmdletization_value = ${OverrideBlockRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallRule' -Alias '*' function Remove-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [P ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	1999	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 20): rs.ContainsKey('Action')) { [object]$__cmdletization_value = ${Action} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy')) { [object]$__cmdletization_value = ${EdgeTraversalPolicy} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EdgeTraversalPolicy'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EdgeTraversalPolicy'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LooseSourceMapping')) { [object]$__cmdletization_value = ${LooseSourceMapping} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LooseSourceMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LooseSourceMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalOnlyMapping')) { [object]$__cmdletization_value = ${LocalOnlyMapping} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalOnlyMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalOnlyMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Owner')) { [object]$__cmdletization_value = ${Owner} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Owner'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Owner'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpType')) { [object]$__cmdletization_value = ${IcmpType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicTarget')) { [object]$__cmdletization_value = ${DynamicTarget} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Program')) { [object]$__cmdletization_value = ${Program} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Program'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Program'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Package')) { [object]$__cmdletization_value = ${Package} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	1998	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 20): [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LocalUser}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUser}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachine}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication] ${Authentication}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption] ${Encryption}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${OverrideBlockRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Direction')) { [object]$__cmdletization_value = ${Direction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Direction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Direction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParamete ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	1997	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 20): tedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallRule' -Alias '*' function Set-NetFirewallRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${Platform}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction] ${Direction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${Action}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('LSM')] [bool] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Owner}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Protocol}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${IcmpType}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('DynamicTransport')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport] ${DynamicTarget}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Program}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Package}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Service}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	1996	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 20): meterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssocia ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	1995	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 20): $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetFirewallRule' -Alias '*' function Show-NetFirewallRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement')] param( [Parameter(ParameterSetName='EnumerateFull1')] [string] ${PolicyStore}, [Parameter(ParameterSetName='EnumerateFull1')] [string] ${GPOSession}, [Parameter(ParameterSetName='EnumerateFull1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='EnumerateFull1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='EnumerateFull1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Dependents'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('EnumerateFull', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Show-NetFirewallRule' -Alias '*' function Get-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(Para ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	1994	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 20): ter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpType')) { [object]$__cmdletization_value = ${IcmpType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicTarget')) { [object]$__cmdletization_value = ${DynamicTarget} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Program')) { [object]$__cmdletization_value = ${Program} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Program'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Program'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Package')) { [object]$__cmdletization_value = ${Package} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Service')) { [object]$__cmdletization_value = ${Service} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Service'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Service'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalUser')) { [object]$__cmdletization_value = ${LocalUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUser')) { [object]$__cmdletization_value = ${RemoteUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachine')) { [object]$__cmdletization_value = ${RemoteMachine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteMachine'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteMachine'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Authentication')) { [object]$__cmdletization_value = ${Authentication} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Encryption')) { [object]$__cmdletization_value = ${Encryption} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OverrideBlockRules')) { [object]$__cmdletization_value = ${OverrideBlockRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	1993	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 20): n_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Direction')) { [object]$__cmdletization_value = ${Direction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Direction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Direction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Action')) { [object]$__cmdletization_value = ${Action} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy')) { [object]$__cmdletization_value = ${EdgeTraversalPolicy} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EdgeTraversalPolicy'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EdgeTraversalPolicy'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LooseSourceMapping')) { [object]$__cmdletization_value = ${LooseSourceMapping} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LooseSourceMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LooseSourceMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalOnlyMapping')) { [object]$__cmdletization_value = ${LocalOnlyMapping} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalOnlyMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalOnlyMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Owner')) { [object]$__cmdletization_value = ${Owner} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Owner'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Owner'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParame ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	1992	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 20): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetFirewallRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetFirewallRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${Platform}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction] ${Direction}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${Action}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('LSM')] [bool] ${LooseSourceMapping}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${LocalOnlyMapping}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Owner}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Protocol}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${IcmpType}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('DynamicTransport')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport] ${DynamicTarget}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Program}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Package}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Service}, [Parameter(ParameterSetName='cim:CreateInstance0')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${LocalUser}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${RemoteUser}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${RemoteMachine}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication] ${Authentication}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption] ${Encryption}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${OverrideBlockRules}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletizatio ScriptBlock ID: 382fedae-36a0-4b7e-9cb3-8d5f381453f5 Path:	4104	1		3	2	15	0	1991	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:51 PM	839e3e65-ff4b-0005-3f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Michael Eaton <meaton@iforium.com> # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $firewall_profiles = @('Domain', 'Private', 'Public') $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -default @("Domain", "Private", "Public") $state = Get-AnsibleParam -obj $params -name "state" -type "str" -failifempty $true -validateset 'disabled','enabled' $result = @{ changed = $false profiles = $profiles state = $state } if ($PSVersionTable.PSVersion -lt [Version]"5.0") { Fail-Json $result "win_firewall requires Windows Management Framework 5 or higher." } Try { ForEach ($profile in $firewall_profiles) { $currentstate = (Get-NetFirewallProfile -Name $profile).Enabled $result.$profile = @{ enabled = ($currentstate -eq 1) considered = ($profiles -contains $profile) currentstate = $currentstate } if ($profiles -notcontains $profile) { continue } if ($state -eq 'enabled') { if ($currentstate -eq $false) { Set-NetFirewallProfile -name $profile -Enabled true -WhatIf:$check_mode $result.changed = $true $result.$profile.enabled = $true } } else { if ($currentstate -eq $true) { Set-NetFirewallProfile -name $profile -Enabled false -WhatIf:$check_mode $result.changed = $true $result.$profile.enabled = $false } } } } Catch { Fail-Json $result "an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)" } Exit-Json $result ScriptBlock ID: 1d4de993-64f0-417f-9723-5264da588f6e Path:	4104	1		3	2	15	0	1990	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:50 PM	839e3e65-ff4b-0004-8951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 73913f5c-ec14-4d17-92d3-c399025535ec Path:	4104	1		3	2	15	0	1989	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	4380	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:50 PM	839e3e65-ff4b-0004-7c51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: bfcf5407-ee08-418b-b3e2-39dbf5663b50 Path:	4104	1		3	2	15	0	1988	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	4380	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:49 PM	839e3e65-ff4b-0004-6d51-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: faa94f6e-9bb7-48e6-8e50-ada6c49e09c1 Path:	4104	1		3	2	15	0	1987	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	4380	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:49 PM	839e3e65-ff4b-0004-6751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIE1pY2hhZWwgRWF0b24gPG1lYXRvbkBpZm9yaXVtLmNvbT4KIyBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2My4wKyAoc2VlIENPUFlJTkcgb3IgaHR0cHM6Ly93d3cuZ251Lm9yZy9saWNlbnNlcy9ncGwtMy4wLnR4dCkKCiNSZXF1aXJlcyAtTW9kdWxlIEFuc2libGUuTW9kdWxlVXRpbHMuTGVnYWN5CgokRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIlN0b3AiCiRmaXJld2FsbF9wcm9maWxlcyA9IEAoJ0RvbWFpbicsICdQcml2YXRlJywgJ1B1YmxpYycpCgokcGFyYW1zID0gUGFyc2UtQXJncyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCgokcHJvZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicHJvZmlsZXMiIC10eXBlICJsaXN0IiAtZGVmYXVsdCBAKCJEb21haW4iLCAiUHJpdmF0ZSIsICJQdWJsaWMiKQokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZSAtdmFsaWRhdGVzZXQgJ2Rpc2FibGVkJywnZW5hYmxlZCcKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQogICAgcHJvZmlsZXMgPSAkcHJvZmlsZXMKICAgIHN0YXRlID0gJHN0YXRlCn0KCmlmICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uIC1sdCBbVmVyc2lvbl0iNS4wIikgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIndpbl9maXJld2FsbCByZXF1aXJlcyBXaW5kb3dzIE1hbmFnZW1lbnQgRnJhbWV3b3JrIDUgb3IgaGlnaGVyLiIKfQoKVHJ5IHsKCiAgICBGb3JFYWNoICgkcHJvZmlsZSBpbiAkZmlyZXdhbGxfcHJvZmlsZXMpIHsKCiAgICAgICAgJGN1cnJlbnRzdGF0ZSA9IChHZXQtTmV0RmlyZXdhbGxQcm9maWxlIC1OYW1lICRwcm9maWxlKS5FbmFibGVkCiAgICAgICAgJHJlc3VsdC4kcHJvZmlsZSA9IEB7CiAgICAgICAgICAgIGVuYWJsZWQgPSAoJGN1cnJlbnRzdGF0ZSAtZXEgMSkKICAgICAgICAgICAgY29uc2lkZXJlZCA9ICgkcHJvZmlsZXMgLWNvbnRhaW5zICRwcm9maWxlKQogICAgICAgICAgICBjdXJyZW50c3RhdGUgPSAkY3VycmVudHN0YXRlCiAgICAgICAgfQoKICAgICAgICBpZiAoJHByb2ZpbGVzIC1ub3Rjb250YWlucyAkcHJvZmlsZSkgewogICAgICAgICAgICBjb250aW51ZQogICAgICAgIH0KCiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgJ2VuYWJsZWQnKSB7CgogICAgICAgICAgICBpZiAoJGN1cnJlbnRzdGF0ZSAtZXEgJGZhbHNlKSB7CiAgICAgICAgICAgICAgICBTZXQtTmV0RmlyZXdhbGxQcm9maWxlIC1uYW1lICRwcm9maWxlIC1FbmFibGVkIHRydWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgICAgICAgICAgICAgICRyZXN1bHQuJHByb2ZpbGUuZW5hYmxlZCA9ICR0cnVlCiAgICAgICAgICAgIH0KCiAgICAgICAgfSBlbHNlIHsKCiAgICAgICAgICAgIGlmICgkY3VycmVudHN0YXRlIC1lcSAkdHJ1ZSkgewogICAgICAgICAgICAgICAgU2V0LU5ldEZpcmV3YWxsUHJvZmlsZSAtbmFtZSAkcHJvZmlsZSAtRW5hYmxlZCBmYWxzZSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgICAgICAgICAgICAgJHJlc3VsdC4kcHJvZmlsZS5lbmFibGVkID0gJGZhbHNlCiAgICAgICAgICAgIH0KCiAgICAgICAgfQogICAgfQp9IENhdGNoIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJhbiBlcnJvciBvY2N1cnJlZCB3aGVuIGF0dGVtcHRpbmcgdG8gY2hhbmdlIGZpcmV3YWxsIHN0YXR1cyBmb3IgcHJvZmlsZSAkcHJvZmlsZSAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_firewall", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "profiles": ["Domain", "Private", "Public"], "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "disabled", "_ansible_diff": false, "_ansible_keep_remote_files": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_ ScriptBlock ID: faa94f6e-9bb7-48e6-8e50-ada6c49e09c1 Path:	4104	1		3	2	15	0	1986	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	4380	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:49 PM	839e3e65-ff4b-0004-6751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0 ScriptBlock ID: faa94f6e-9bb7-48e6-8e50-ada6c49e09c1 Path:	4104	1		3	2	15	0	1985	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	4380	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:49 PM	839e3e65-ff4b-0004-6751-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1984	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	4196	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:49 PM	839e3e65-ff4b-0005-3c5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4620 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1983	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	8	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:49 PM	839e3e65-ff4b-0005-3c5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1982	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4620	4196	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:49 PM	839e3e65-ff4b-0005-3c5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7e8de78f-2de5-46b8-abbb-22aece099f97 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 5b7d823a-3b0a-4dcb-8ef3-cd0d7ff84715 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1981	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	4672	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:47 PM	839e3e65-ff4b-0001-254e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: d179873d-9bbd-4854-a8a1-39aa7451f563 Path:	4104	1		3	2	15	0	1980	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	4672	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0001-164e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3348cc2a-f8e4-4ec4-b569-13db4b60c2ec Path:	4104	1		3	2	15	0	1979	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	5096	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0005-2f5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: cd75b4c4-e70c-4d77-ae6e-e88e492dbfcb Path:	4104	1		3	2	15	0	1978	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	5096	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0005-205d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): reate($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: fa037189-7509-4c73-b253-8bea6259a3a0 Path:	4104	1		3	2	15	0	1977	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	5096	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0005-1a5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): aW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::C ScriptBlock ID: fa037189-7509-4c73-b253-8bea6259a3a0 Path:	4104	1		3	2	15	0	1976	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	5096	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0005-1a5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): B0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNz ScriptBlock ID: fa037189-7509-4c73-b253-8bea6259a3a0 Path:	4104	1		3	2	15	0	1975	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	5096	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0005-1a5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbX ScriptBlock ID: fa037189-7509-4c73-b253-8bea6259a3a0 Path:	4104	1		3	2	15	0	1974	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	5096	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0005-1a5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1973	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	3948	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0005-185d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1368 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1972	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	612	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0005-185d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1971	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1368	3948	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:46 PM	839e3e65-ff4b-0005-185d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 6a3228be-2324-4302-96b3-045801acda3b Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ff8f1785-bbb6-43ee-a9b6-d7781f39f579 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1970	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	704	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:45 PM	839e3e65-ff4b-0002-68e7-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 6beb2b69-7c51-427a-a3b8-4940da52f7e4 Path:	4104	1		3	2	15	0	1969	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	704	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:45 PM	839e3e65-ff4b-0002-59e7-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 109b98cd-8024-482a-8178-23895a6f616a Path:	4104	1		3	2	15	0	1968	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	3208	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:45 PM	839e3e65-ff4b-0001-004e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 3c1404df-a4eb-4975-be74-ee04cad3c565 Path:	4104	1		3	2	15	0	1967	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	3208	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:45 PM	839e3e65-ff4b-0001-f14d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): CAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "C:\\ProgramData\\pip", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6a768eb3-2e4b-47f4-ba6e-3c5c1305c654 Path:	4104	1		3	2	15	0	1966	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	3208	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:45 PM	839e3e65-ff4b-0001-eb4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogI ScriptBlock ID: 6a768eb3-2e4b-47f4-ba6e-3c5c1305c654 Path:	4104	1		3	2	15	0	1965	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	3208	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:45 PM	839e3e65-ff4b-0001-eb4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1964	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	5012	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:44 PM	839e3e65-ff4b-0005-0d5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2692 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1963	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	1144	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:44 PM	839e3e65-ff4b-0005-0d5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1962	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	5012	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:44 PM	839e3e65-ff4b-0005-0d5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 42976ecf-d423-4631-95b0-3a6f1deb2df8 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ec3b0aea-5b98-4b56-9be9-0c8c704c4192 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1961	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4596	4720	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:44 PM	839e3e65-ff4b-0004-5151-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 78af2b76-9cd8-4dee-9017-1808eb1b304b Path:	4104	1		3	2	15	0	1960	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4596	4720	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:44 PM	839e3e65-ff4b-0004-4251-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4a805fbb-8d7f-4cba-bac3-1bb6d4da2989 Path:	4104	1		3	2	15	0	1959	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4596	4340	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:44 PM	839e3e65-ff4b-0003-ae7c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a4be52f6-a130-4a84-ae78-ae07bcfda98b Path:	4104	1		3	2	15	0	1958	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4596	4340	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:43 PM	839e3e65-ff4b-0003-9f7c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): 21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\python27", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 550a71b8-b853-46dc-9758-779da59c430b Path:	4104	1		3	2	15	0	1957	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4596	4340	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:43 PM	839e3e65-ff4b-0003-997c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db ScriptBlock ID: 550a71b8-b853-46dc-9758-779da59c430b Path:	4104	1		3	2	15	0	1956	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4596	4340	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:43 PM	839e3e65-ff4b-0003-997c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1955	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4596	4500	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:43 PM	839e3e65-ff4b-0005-055d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4596 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1954	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4596	4640	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:43 PM	839e3e65-ff4b-0005-055d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1953	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4596	4500	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:43 PM	839e3e65-ff4b-0005-055d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 793c29ff-219e-4cd7-8ec0-4934e6108d68 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 596132aa-4c18-4397-a521-3ac69c9e4003 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1952	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3316	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:43 PM	839e3e65-ff4b-0002-4fe7-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: f84bf89c-9a73-4fc5-a8c3-67983e38195d Path:	4104	1		3	2	15	0	1951	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3316	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:43 PM	839e3e65-ff4b-0002-40e7-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 15bc97d6-ed20-4120-b968-e9dc867e97eb Path:	4104	1		3	2	15	0	1950	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	932	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:42 PM	839e3e65-ff4b-0005-fe5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9b168592-4c5b-4623-a6c2-b214e028556d Path:	4104	1		3	2	15	0	1949	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	932	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:42 PM	839e3e65-ff4b-0005-ef5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): d19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\build", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: a7a25816-a521-4cce-a38c-059dcf5b0c4a Path:	4104	1		3	2	15	0	1948	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	932	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:42 PM	839e3e65-ff4b-0005-e95c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJh ScriptBlock ID: a7a25816-a521-4cce-a38c-059dcf5b0c4a Path:	4104	1		3	2	15	0	1947	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	932	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:42 PM	839e3e65-ff4b-0005-e95c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1946	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	4408	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:42 PM	839e3e65-ff4b-0005-e75c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5036 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1945	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3892	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:42 PM	839e3e65-ff4b-0005-e75c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1944	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	4408	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:42 PM	839e3e65-ff4b-0005-e75c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 6d6ac89b-a932-475b-b7b5-fc3c6654febb Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 3dc5b074-5209-4345-b687-1df9d8a3f6c8 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1943	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4244	2688	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:42 PM	839e3e65-ff4b-0001-d34d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: a81111b9-7eeb-4f06-b961-7acbb0df1d36 Path:	4104	1		3	2	15	0	1942	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4244	2688	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:41 PM	839e3e65-ff4b-0001-c44d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 2ac4c3fa-9118-4b54-b967-0c3c8657a94d Path:	4104	1		3	2	15	0	1941	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4244	2280	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:41 PM	839e3e65-ff4b-0001-c34d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 1ab6a798-4bd0-4315-94c0-45843c076868 Path:	4104	1		3	2	15	0	1940	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4244	2280	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:41 PM	839e3e65-ff4b-0001-b44d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): MF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\event-log", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: d1acf06d-1c43-43dd-a134-27da322b83b3 Path:	4104	1		3	2	15	0	1939	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4244	2280	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:41 PM	839e3e65-ff4b-0001-ae4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNb ScriptBlock ID: d1acf06d-1c43-43dd-a134-27da322b83b3 Path:	4104	1		3	2	15	0	1938	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4244	2280	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:41 PM	839e3e65-ff4b-0001-ae4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1937	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4244	5076	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:41 PM	839e3e65-ff4b-0005-db5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4244 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1936	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4244	3068	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:41 PM	839e3e65-ff4b-0005-db5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1935	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4244	5076	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:41 PM	839e3e65-ff4b-0005-db5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 6bdb62e1-2921-4e47-aa06-b79476453394 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ce3102db-8c2d-47df-baf5-8db5232a8f92 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1934	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4504	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:40 PM	839e3e65-ff4b-0003-827c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: dc659bfb-964e-42c8-8aba-dc6ae5a9c488 Path:	4104	1		3	2	15	0	1933	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4504	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:40 PM	839e3e65-ff4b-0003-737c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 691565e2-550c-445d-832e-fe1be4a43305 Path:	4104	1		3	2	15	0	1932	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4780	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:40 PM	839e3e65-ff4b-0003-667c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: be24b286-4220-460b-acae-486cec55e287 Path:	4104	1		3	2	15	0	1931	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4780	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:40 PM	839e3e65-ff4b-0004-2951-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): oK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "C:\\openstack\\instances", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 91eee4df-7645-4c95-a1fd-4617d5e474ac Path:	4104	1		3	2	15	0	1930	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4780	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:40 PM	839e3e65-ff4b-0003-5f7c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKg ScriptBlock ID: 91eee4df-7645-4c95-a1fd-4617d5e474ac Path:	4104	1		3	2	15	0	1929	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4780	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:40 PM	839e3e65-ff4b-0003-5f7c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4 ScriptBlock ID: 91eee4df-7645-4c95-a1fd-4617d5e474ac Path:	4104	1		3	2	15	0	1928	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4780	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:40 PM	839e3e65-ff4b-0003-5f7c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1927	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	3752	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:39 PM	839e3e65-ff4b-0005-d85c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4624 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1926	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	3716	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:39 PM	839e3e65-ff4b-0005-d85c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1925	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	3752	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:39 PM	839e3e65-ff4b-0005-d85c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 5aab506b-627a-475b-92f2-748de3233dc4 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = aa98ae30-37e5-43ed-a0d1-3111c2b1c905 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1924	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	3768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:39 PM	839e3e65-ff4b-0000-d153-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 790ece64-eb66-4167-a4c1-13f05acf2d9c Path:	4104	1		3	2	15	0	1923	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	3768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:39 PM	839e3e65-ff4b-0000-c253-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 0c5a9de3-447c-4370-9157-d7cb6f9b47ef Path:	4104	1		3	2	15	0	1922	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	220	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:39 PM	839e3e65-ff4b-0005-c35c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 6479572e-125f-415c-8acd-8777d3e05203 Path:	4104	1		3	2	15	0	1921	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	220	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0005-b45c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 24ee863d-a015-4188-9e0b-0c5d207238cd Path:	4104	1		3	2	15	0	1920	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	220	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0005-ae5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): QtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\lock", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/ ScriptBlock ID: 24ee863d-a015-4188-9e0b-0c5d207238cd Path:	4104	1		3	2	15	0	1919	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	220	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0005-ae5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): vcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZX ScriptBlock ID: 24ee863d-a015-4188-9e0b-0c5d207238cd Path:	4104	1		3	2	15	0	1918	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	220	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0005-ae5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHB ScriptBlock ID: 24ee863d-a015-4188-9e0b-0c5d207238cd Path:	4104	1		3	2	15	0	1917	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	220	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0005-ae5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1916	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	600	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0005-ac5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4848 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1915	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	3500	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0005-ac5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1914	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	600	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0005-ac5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = a93c5d13-9c16-4b37-b13d-ae8512104794 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = c70a4ff7-0db5-4c45-b1fb-8c9b49e82900 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1913	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	808	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0001-964d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: a410d87d-eb1b-4322-a3c6-4c2cc932b220 Path:	4104	1		3	2	15	0	1912	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	808	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0001-874d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 0fbf2ad3-0f13-4301-b663-4742f1a60500 Path:	4104	1		3	2	15	0	1911	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4560	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:38 PM	839e3e65-ff4b-0001-7a4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f2f247f2-ab4d-4e19-95e0-f232f9b4bc37 Path:	4104	1		3	2	15	0	1910	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4560	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:37 PM	839e3e65-ff4b-0001-6b4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): NyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\python37", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: bf1a9022-839d-4f63-96c7-324a5c6e6510 Path:	4104	1		3	2	15	0	1909	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4560	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:37 PM	839e3e65-ff4b-0001-654d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5Lk ScriptBlock ID: bf1a9022-839d-4f63-96c7-324a5c6e6510 Path:	4104	1		3	2	15	0	1908	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4560	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:37 PM	839e3e65-ff4b-0001-654d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1907	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	1324	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:37 PM	839e3e65-ff4b-0005-a15c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4212 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1906	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	3676	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:37 PM	839e3e65-ff4b-0005-a15c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1905	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	1324	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:37 PM	839e3e65-ff4b-0005-a15c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 1fb0f47f-c7d4-4ff8-a459-e7c2aea43f02 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 50908638-80ae-4851-bf09-6a81a91569c7 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1904	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	3916	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:37 PM	839e3e65-ff4b-0003-4a7c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 66a37f03-aa71-4454-ae41-81a6a326f9a4 Path:	4104	1		3	2	15	0	1903	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	3916	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:36 PM	839e3e65-ff4b-0003-3b7c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 6562c6ee-7d7d-4161-b910-7dde70ddeef8 Path:	4104	1		3	2	15	0	1902	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:36 PM	839e3e65-ff4b-0003-2e7c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: bb747d67-4dd6-42fa-925d-5ba02c15238b Path:	4104	1		3	2	15	0	1901	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:36 PM	839e3e65-ff4b-0003-1f7c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): FcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\etc", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c38e9270-c41b-4a09-a266-4ee99e903eb8 Path:	4104	1		3	2	15	0	1900	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:36 PM	839e3e65-ff4b-0003-197c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): AgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3R ScriptBlock ID: c38e9270-c41b-4a09-a266-4ee99e903eb8 Path:	4104	1		3	2	15	0	1899	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:36 PM	839e3e65-ff4b-0003-197c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgIC ScriptBlock ID: c38e9270-c41b-4a09-a266-4ee99e903eb8 Path:	4104	1		3	2	15	0	1898	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	4424	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:36 PM	839e3e65-ff4b-0003-197c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1897	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	1992	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:36 PM	839e3e65-ff4b-0005-9a5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4392 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1896	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	3108	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:36 PM	839e3e65-ff4b-0005-9a5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1895	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4392	1992	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:36 PM	839e3e65-ff4b-0005-9a5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 948b9c34-e514-4d9a-b888-79a00cc9026e Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = c7388e1d-3b92-4b49-80bf-457c4d449a8a Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1894	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	3088	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:35 PM	839e3e65-ff4b-0000-ab53-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: af573db1-ce99-42be-9f79-ae73c6d7c872 Path:	4104	1		3	2	15	0	1893	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	3088	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:35 PM	839e3e65-ff4b-0000-9c53-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fd90841e-2001-4bc8-b093-cc473853db9b Path:	4104	1		3	2	15	0	1892	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:35 PM	839e3e65-ff4b-0005-925c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: fa9f0e79-2680-4bf8-be4f-ae5a12dd095f Path:	4104	1		3	2	15	0	1891	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:35 PM	839e3e65-ff4b-0005-835c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): D0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1ea83f4e-367b-4c66-862d-8d6a60e3796d Path:	4104	1		3	2	15	0	1890	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:35 PM	839e3e65-ff4b-0005-7d5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): C1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0I ScriptBlock ID: 1ea83f4e-367b-4c66-862d-8d6a60e3796d Path:	4104	1		3	2	15	0	1889	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:35 PM	839e3e65-ff4b-0005-7d5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0I ScriptBlock ID: 1ea83f4e-367b-4c66-862d-8d6a60e3796d Path:	4104	1		3	2	15	0	1888	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:35 PM	839e3e65-ff4b-0005-7d5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1887	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	1460	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:35 PM	839e3e65-ff4b-0005-7b5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1472 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1886	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	5064	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:34 PM	839e3e65-ff4b-0005-7b5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1885	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1472	1460	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:34 PM	839e3e65-ff4b-0005-7b5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = d48c2dfd-2475-40f4-be1e-35fd563e8f65 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 2347dcb5-7f28-4d73-b2ee-ea9e49593271 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1884	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4664	3512	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:34 PM	839e3e65-ff4b-0001-4f4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: a6d6a579-0982-4b52-a1c9-5ce98a067322 Path:	4104	1		3	2	15	0	1883	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4664	3512	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:34 PM	839e3e65-ff4b-0001-404d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e23d426f-33cb-46b3-95ab-5bb23cc5661a Path:	4104	1		3	2	15	0	1882	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4664	4768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:34 PM	839e3e65-ff4b-0001-334d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 1a826c3b-a9f3-4366-8df3-8f3b530242c2 Path:	4104	1		3	2	15	0	1881	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4664	4768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:34 PM	839e3e65-ff4b-0001-254d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): CAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\tmp", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c6493656-bd0f-4857-b6b3-50f3b77ab2a9 Path:	4104	1		3	2	15	0	1880	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4664	4768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:33 PM	839e3e65-ff4b-0001-1f4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgI ScriptBlock ID: c6493656-bd0f-4857-b6b3-50f3b77ab2a9 Path:	4104	1		3	2	15	0	1879	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4664	4768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:33 PM	839e3e65-ff4b-0001-1f4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1878	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4664	4928	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:33 PM	839e3e65-ff4b-0005-6e5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4664 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1877	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4664	2520	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:33 PM	839e3e65-ff4b-0005-6e5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1876	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4664	4928	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:33 PM	839e3e65-ff4b-0005-6e5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 3198e9c3-86fc-43f4-b04f-53359d428174 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ecda1fb0-b6f6-456e-b3cd-d45c80e0587b Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1875	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1424	3968	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:33 PM	839e3e65-ff4b-0003-007c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: d8bd9ccf-720b-46d0-ad2f-71b5e1a5573a Path:	4104	1		3	2	15	0	1874	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1424	3968	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:33 PM	839e3e65-ff4b-0003-f17b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: babe7e6e-849a-4d62-8fcb-534c0a9bd921 Path:	4104	1		3	2	15	0	1873	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1424	4104	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:33 PM	839e3e65-ff4b-0003-e47b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 060a9149-5aa4-4ce0-88ac-f2fd5e0861fd Path:	4104	1		3	2	15	0	1872	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1424	4104	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:32 PM	839e3e65-ff4b-0003-d57b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): CAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 3, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\bin", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 653568f0-a81c-4b2b-a9ca-c9615742f375 Path:	4104	1		3	2	15	0	1871	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1424	4104	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:32 PM	839e3e65-ff4b-0003-cf7b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKI ScriptBlock ID: 653568f0-a81c-4b2b-a9ca-c9615742f375 Path:	4104	1		3	2	15	0	1870	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1424	4104	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:32 PM	839e3e65-ff4b-0003-cf7b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1869	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1424	4312	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:32 PM	839e3e65-ff4b-0005-675c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1424 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1868	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1424	4324	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:32 PM	839e3e65-ff4b-0005-675c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1867	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1424	4312	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:32 PM	839e3e65-ff4b-0005-675c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1866	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4260	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:31 PM	839e3e65-ff4b-0005-635c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4260 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1865	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4260	2116	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:31 PM	839e3e65-ff4b-0005-635c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1864	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4260	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:31 PM	839e3e65-ff4b-0005-635c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 53dd5b00-8302-4bff-aa04-24c23214dc57 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 960a054b-fb7e-47c6-a5b3-14923cb9d645 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1863	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4192	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:31 PM	839e3e65-ff4b-0002-f7e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b22beffb-8e41-4e42-bf9f-e6c4106d40d0 Path:	4104	1		3	2	15	0	1862	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	3896	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:30 PM	839e3e65-ff4b-0000-6353-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c99d8a3a-47ec-4fa0-a09a-d61cd72f0479 Path:	4104	1		3	2	15	0	1861	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	3896	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:30 PM	839e3e65-ff4b-0001-0c4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: fa1c0142-d26d-4d58-9a36-c5ae9cc15d71 Path:	4104	1		3	2	15	0	1860	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	3896	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:30 PM	839e3e65-ff4b-0000-5253-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): XctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "net user administrator Passw0rd", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: b381e03b-4602-4f59-9a22-4ec2d486d812 Path:	4104	1		3	2	15	0	1859	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	3896	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:30 PM	839e3e65-ff4b-0000-4c53-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): 0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZ ScriptBlock ID: b381e03b-4602-4f59-9a22-4ec2d486d812 Path:	4104	1		3	2	15	0	1858	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	3896	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:30 PM	839e3e65-ff4b-0000-4c53-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V ScriptBlock ID: b381e03b-4602-4f59-9a22-4ec2d486d812 Path:	4104	1		3	2	15	0	1857	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	3896	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:30 PM	839e3e65-ff4b-0000-4c53-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1856	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	1140	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:29 PM	839e3e65-ff4b-0004-0151-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1132 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1855	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4836	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:29 PM	839e3e65-ff4b-0004-0151-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1854	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	1140	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:29 PM	839e3e65-ff4b-0004-0151-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 4c714a76-a258-4c1a-b7c5-114cd7592885 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 57af5d1a-54c4-4a90-9c22-731af7489c65 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1853	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:24 PM	839e3e65-ff4b-0003-7e7b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: ef434006-3c5c-441b-99e7-753d3a15cc23 Path:	4104	1		3	2	15	0	1852	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:24 PM	839e3e65-ff4b-0003-787b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 4c714a76-a258-4c1a-b7c5-114cd7592885 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 57af5d1a-54c4-4a90-9c22-731af7489c65 Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1851	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:24 PM	839e3e65-ff4b-0003-707b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: df1eb227-890d-4fb7-98d8-2fc65b4abcaa Path:	4104	1		3	2	15	0	1850	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:22 PM	839e3e65-ff4b-0003-e97a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 928e3d7b-e3d5-4ae5-89d4-c509a469a89c Path:	4104	1		3	2	15	0	1849	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	3156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:22 PM	839e3e65-ff4b-0003-dc7a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: df9c9249-b681-4f72-901c-e8c742c8c287 Path:	4104	1		3	2	15	0	1848	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	3156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:22 PM	839e3e65-ff4b-0003-cd7a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): mVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 96d75308-da19-4620-b3f7-20e977dc3ab0 Path:	4104	1		3	2	15	0	1847	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	3156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:21 PM	839e3e65-ff4b-0003-c77a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): gICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9ia ScriptBlock ID: 96d75308-da19-4620-b3f7-20e977dc3ab0 Path:	4104	1		3	2	15	0	1846	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	3156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:21 PM	839e3e65-ff4b-0003-c77a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwo ScriptBlock ID: 96d75308-da19-4620-b3f7-20e977dc3ab0 Path:	4104	1		3	2	15	0	1845	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	3156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:21 PM	839e3e65-ff4b-0003-c77a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1844	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4588	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:21 PM	839e3e65-ff4b-0005-4f5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1352 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1843	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	1852	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:21 PM	839e3e65-ff4b-0005-4f5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1842	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4588	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:21 PM	839e3e65-ff4b-0005-4f5c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1841	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1788	4360	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:04 PM	839e3e65-ff4b-0001-bf4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1788 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1840	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1788	2948	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:04 PM	839e3e65-ff4b-0001-bf4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1839	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1788	4360	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:04 PM	839e3e65-ff4b-0001-bf4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = b2b7dbd3-b503-448a-adc4-9640a86b2c98 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 0aa9b475-8242-4172-9315-834abe662ae4 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1838	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	4348	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:04 PM	839e3e65-ff4b-0002-b6e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ed3363b2-a95a-49af-8840-edd9f80dc7d2 Path:	4104	1		3	2	15	0	1837	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	3768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:04 PM	839e3e65-ff4b-0002-97e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ff926a0f-f766-4992-9f01-4c7073efc638 Path:	4104	1		3	2	15	0	1836	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	3768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:04 PM	839e3e65-ff4b-0000-1c53-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: e454d0a7-176e-4db4-883f-2e1a2a35fca0 Path:	4104	1		3	2	15	0	1835	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	3768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:03 PM	839e3e65-ff4b-0000-0d53-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "python \"c:\\openstack\\tmp\\\\get-pip.py\" -c \"c:\\openstack\\tmp\\\\constraints.txt\" pip", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f18b8563-90f8-43ef-a30f-94a6984427c1 Path:	4104	1		3	2	15	0	1834	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	3768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:03 PM	839e3e65-ff4b-0004-d950-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): gICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlc ScriptBlock ID: f18b8563-90f8-43ef-a30f-94a6984427c1 Path:	4104	1		3	2	15	0	1833	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	3768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:03 PM	839e3e65-ff4b-0004-d950-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): E9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiA ScriptBlock ID: f18b8563-90f8-43ef-a30f-94a6984427c1 Path:	4104	1		3	2	15	0	1832	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	3768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:03 PM	839e3e65-ff4b-0004-d950-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50IC ScriptBlock ID: f18b8563-90f8-43ef-a30f-94a6984427c1 Path:	4104	1		3	2	15	0	1831	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	3768	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:03 PM	839e3e65-ff4b-0004-d950-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1830	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	1076	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:03 PM	839e3e65-ff4b-0001-b84c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4472 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1829	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	4948	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:03 PM	839e3e65-ff4b-0001-b84c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1828	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4472	1076	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:03 PM	839e3e65-ff4b-0001-b84c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 96781373-5406-4829-97f7-ca0d01a2cf26 Path:	4104	1		3	2	15	0	1827	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	3840	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:02 PM	839e3e65-ff4b-0002-64e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 533982da-f475-4133-af33-c4e889e35eae Path:	4104	1		3	2	15	0	1826	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	4924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:02 PM	839e3e65-ff4b-0002-57e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 4a0dd485-e422-4c74-924e-969d5e4ef615 Path:	4104	1		3	2	15	0	1825	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	4924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:01 PM	839e3e65-ff4b-0002-48e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): %TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: e10b4b1a-4c0b-42d0-9916-8e738f852ee5 Path:	4104	1		3	2	15	0	1824	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	4924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:01 PM	839e3e65-ff4b-0002-41e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): AyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "constraints.txt", "checksum": "e88c82760f48bf290a9e1c662887bcb6a3146908", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-24264GjbpkW/tmp5d40Oz"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/tmp", "directories": [], "_ansible_remote_tmp": " ScriptBlock ID: e10b4b1a-4c0b-42d0-9916-8e738f852ee5 Path:	4104	1		3	2	15	0	1823	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	4924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:01 PM	839e3e65-ff4b-0002-41e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): GlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMT ScriptBlock ID: e10b4b1a-4c0b-42d0-9916-8e738f852ee5 Path:	4104	1		3	2	15	0	1822	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	4924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:01 PM	839e3e65-ff4b-0002-41e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): GFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZ ScriptBlock ID: e10b4b1a-4c0b-42d0-9916-8e738f852ee5 Path:	4104	1		3	2	15	0	1821	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	4924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:01 PM	839e3e65-ff4b-0002-41e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29ud ScriptBlock ID: e10b4b1a-4c0b-42d0-9916-8e738f852ee5 Path:	4104	1		3	2	15	0	1820	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	4924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:01 PM	839e3e65-ff4b-0002-41e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1819	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	2156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:01 PM	839e3e65-ff4b-0002-3fe6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4992 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1818	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	4036	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:01 PM	839e3e65-ff4b-0002-3fe6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1817	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	2156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:01 PM	839e3e65-ff4b-0002-3fe6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 62910585-bc27-4c7a-b61b-9f251cb9eeaf Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 38ce8e66-1ce1-4267-b87d-08e5ca82a24d Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1816	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	840	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:00 PM	839e3e65-ff4b-0002-1be6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Paul Durivage <paul.durivage@rackspace.com> # Copyright: (c) 2015, Tal Auslander <tal@cloudshare.com> # Copyright: (c) 2017, Dag Wieers <dag@wieers.com> # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $webclient_util = @" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $webclient_util $env:TMP = $original_tmp Function CheckModified-File($url, $dest, $headers, $credentials, $timeout, $use_proxy, $proxy) { $fileLastMod = ([System.IO.FileInfo]$dest).LastWriteTimeUtc $webLastMod = $null $webRequest = [System.Net.WebRequest]::Create($url) foreach ($header in $headers.GetEnumerator()) { $webRequest.Headers.Add($header.Name, $header.Value) } if ($timeout) { $webRequest.Timeout = $timeout * 1000 } if (-not $use_proxy) { # Ignore the system proxy settings $webRequest.Proxy = $null } elseif ($proxy) { $webRequest.Proxy = $proxy } if ($credentials) { if ($force_basic_auth) { $webRequest.Headers.Add("Authorization", "Basic $credentials") } else { $webRequest.Credentials = $credentials } } if ($webRequest -is [System.Net.FtpWebRequest]) { $webRequest.Method = [System.Net.WebRequestMethods+Ftp]::GetDateTimestamp } else { $webRequest.Method = [System.Net.WebRequestMethods+Http]::Head } Try { $webResponse = $webRequest.GetResponse() $webLastMod = $webResponse.LastModified } Catch [System.Net.WebException] { $result.status_code = $_.Exception.Response.StatusCode Fail-Json -obj $result -message "Error requesting '$url'. $($_.Exception.Message)" } Catch { Fail-Json -obj $result -message "Error when requesting 'Last-Modified' date from '$url'. $($_.Exception.Message)" } $result.status_code = [int] $webResponse.StatusCode $result.msg = $webResponse.StatusDescription $webResponse.Close() if ($webLastMod -and ((Get-Date -Date $webLastMod).ToUniversalTime() -lt $fileLastMod)) { return $false } else { return $true } } Function Download-File($result, $url, $dest, $headers, $credentials, $timeout, $use_proxy, $proxy, $whatif) { # Check $dest parent folder exists before attempting download, which avoids unhelpful generic error message. $dest_parent = Split-Path -LiteralPath $dest if (-not (Test-Path -LiteralPath $dest_parent -PathType Container)) { Fail-Json -obj $result -message "The path '$dest_parent' does not exist for destination '$dest', or is not visible to the current user. Ensure download destination folder exists (perhaps using win_file state=directory) before win_get_url runs." } # TODO: Replace this with WebRequest $extWebClient = New-Object ExtendedWebClient foreach ($header in $headers.GetEnumerator()) { $extWebClient.Headers.Add($header.Name, $header.Value) } if ($timeout) { $extWebClient.Timeout = $timeout * 1000 } if (-not $use_proxy) { # Ignore the system proxy settings $extWebClient.Proxy = $null } elseif ($proxy) { $extWebClient.Proxy = $proxy } if ($credentials) { if ($force_basic_auth) { $extWebClient.Headers.Add("Authorization","Basic $credentials") } else { $extWebClient.Credentials = $credentials } } if (-not $whatif) { Try { $extWebClient.DownloadFile($url, $dest) } Catch [System.Net.WebException] { $result.status_code = [int] $_.Exception.Response.StatusCode Fail-Json -obj $result -message "Error downloading '$url' to '$dest': $($_.Exception.Message)" } Catch { Fail-Json -obj $result -message "Unknown error downloading '$url' to '$dest': $($_.Exception.Message)" } } $result.status_code = 200 $result.changed = $true $result.msg = 'OK' $result.dest = $dest } $url = Get-AnsibleParam -obj $params -name "url" -type "str" -failifempty $true $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true $timeout = Get-AnsibleParam -obj $params -name "timeout" -type "int" -default 10 $headers = Get-AnsibleParam -obj $params -name "headers" -type "dict" -default @{} $skip_certificate_validation = Get-AnsibleParam -obj $params -name "skip_certificate_validation" -type "bool" $validate_certs = Get-AnsibleParam -obj $params -name "validate_certs" -type "bool" -default $true $url_username = Get-AnsibleParam -obj $params -name "url_username" -type "str" -aliases "username" $url_password = Get-AnsibleParam -obj $params -name "url_password" -type "str" -aliases "password" $force_basic_auth = Get-AnsibleParam -obj $params -name "force_basic_auth" -type "bool" -default $false $use_proxy = Get-AnsibleParam -obj $params -name "use_proxy" -type "bool" -default $true $proxy_url = Get-AnsibleParam -obj $params -name "proxy_url" -type "str" $proxy_username = Get-AnsibleParam -obj $params -name "proxy_username" -type "str" $proxy_password = Get-AnsibleParam -obj $params -name "proxy_password" -type "str" $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true $result = @{ changed = $false dest = $dest url = $url # This is deprecated as of v2.4, remove in v2.8 win_get_url = @{ dest = $dest url = $url } } if (-not $use_proxy -and ($proxy_url -or $proxy_username -or $proxy_password)) { Add-Warning -obj $result -msg "Not using a proxy on request, however a 'proxy_url', 'proxy_username' or 'proxy_password' was defined." } $proxy = $null if ($proxy_url) { $proxy = New-Object System.Net.WebProxy($proxy_url, $true) if ($proxy_username -and $proxy_password) { $proxy_credential = New-Object System.Net.NetworkCredential($proxy_username, $proxy_password) $proxy.Credentials = $proxy_credential } } $credentials = $null if ($url_username) { if ($force_basic_auth) { $credentials = [convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($url_username+":"+$url_password)) } else { $credentials = New-Object System.Net.NetworkCredential($url_username, $url_password) } } # If skip_certificate_validation was specified, use validate_certs if ($skip_certificate_validation -ne $null) { Add-DeprecationWarning -obj $result -message "The parameter 'skip_certificate_validation' is being replaced with 'validate_certs'" -version 2.8 $validate_certs = -not $skip_certificate_validation } if (-not $validate_certs) { [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } } # Use last part of url for dest file name if a directory is supplied for $dest if (Test-Path -LiteralPath $dest -PathType Container) { $uri = [System.Uri]$url $basename = Split-Path -Path $uri.LocalPath -Leaf if ($uri.LocalPath -and $uri.LocalPath -ne '/' -and $basename) { $url_basename = Split-Path -Path $uri.LocalPath -Leaf $dest = Join-Path -Path $dest -ChildPath $url_basename } else { $dest = Join-Path -Path $dest -ChildPath $uri.Host } } elseif (([System.IO.Path]::GetFileName($dest)) -eq '') { # We have a trailing path separator Fail-Json -obj $result -message "The destination path '$dest' does not exist, or is not visible to the current user. Ensure download destination folder exists (perhaps using win_file state=directory) before win_get_url runs." } $result.dest = $dest $result.win_get_url.dest = $dest # Enable TLS1.1/TLS1.2 if they're available but disabled (eg. .NET 4.5) $security_protcols = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::SystemDefault if ([Net.SecurityProtocolType].GetMember("Tls11").Count -gt 0) { $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls11 } if ([Net.SecurityProtocolType].GetMember("Tls12").Count -gt 0) { $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls12 } [Net.ServicePointManager]::SecurityProtocol = $security_protcols if ($force -or -not (Test-Path -LiteralPath $dest)) { Download-File -result $result -url $url -dest $dest -credentials $credentials ` -headers $headers -timeout $timeout -use_proxy $use_proxy -proxy $proxy ` -whatif $check_mode } else { $is_modified = CheckModified-File -result $result -url $url -dest $dest -credentials $credentials ` -headers $headers -timeout $timeout -use_proxy $use_proxy -proxy $proxy if ($is_modified) { Download-File -result $result -url $url -dest $dest -credentials $credentials ` -headers $headers -timeout $timeout -use_proxy $use_proxy -proxy $proxy ` -whatif $check_mode } } Exit-Json -obj $result ScriptBlock ID: 55621330-786b-4f98-8271-9d76c77b6d61 Path:	4104	1		3	2	15	0	1815	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	840	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:30:00 PM	839e3e65-ff4b-0002-11e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 53eaad32-e294-47e7-9758-4de420312f95 Path:	4104	1		3	2	15	0	1814	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	4544	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:59 PM	839e3e65-ff4b-0002-04e6-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 7e7427df-3eb0-40ad-8f11-1768a3001924 Path:	4104	1		3	2	15	0	1813	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	4544	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:59 PM	839e3e65-ff4b-0002-f5e5-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): XRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiVGhlIHBhdGggJyRkZXN0X3BhcmVudCcgZG9lcyBub3QgZXhpc3QgZm9yIGRlc3RpbmF0aW9uICckZGVzdCcsIG9yIGlzIG5vdCB2aXNpYmxlIHRvIHRoZSBjdXJyZW50IHVzZXIuICBFbnN1cmUgZG93bmxvYWQgZGVzdGluYXRpb24gZm9sZGVyIGV4aXN0cyAocGVyaGFwcyB1c2luZyB3aW5fZmlsZSBzdGF0ZT1kaXJlY3RvcnkpIGJlZm9yZSB3aW5fZ2V0X3VybCBydW5zLiIKICAgIH0KCiAgICAjIFRPRE86IFJlcGxhY2UgdGhpcyB3aXRoIFdlYlJlcXVlc3QKICAgICRleHRXZWJDbGllbnQgPSBOZXctT2JqZWN0IEV4dGVuZGVkV2ViQ2xpZW50CgogICAgZm9yZWFjaCAoJGhlYWRlciBpbiAkaGVhZGVycy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZXh0V2ViQ2xpZW50LkhlYWRlcnMuQWRkKCRoZWFkZXIuTmFtZSwgJGhlYWRlci5WYWx1ZSkKICAgIH0KCiAgICBpZiAoJHRpbWVvdXQpIHsKICAgICAgICAkZXh0V2ViQ2xpZW50LlRpbWVvdXQgPSAkdGltZW91dCAqIDEwMDAKICAgIH0KCiAgICBpZiAoLW5vdCAkdXNlX3Byb3h5KSB7CiAgICAgICAgIyBJZ25vcmUgdGhlIHN5c3RlbSBwcm94eSBzZXR0aW5ncwogICAgICAgICRleHRXZWJDbGllbnQuUHJveHkgPSAkbnVsbAogICAgfSBlbHNlaWYgKCRwcm94eSkgewogICAgICAgICRleHRXZWJDbGllbnQuUHJveHkgPSAkcHJveHkKICAgIH0KCiAgICBpZiAoJGNyZWRlbnRpYWxzKSB7CiAgICAgICAgaWYgKCRmb3JjZV9iYXNpY19hdXRoKSB7CiAgICAgICAgICAgICRleHRXZWJDbGllbnQuSGVhZGVycy5BZGQoIkF1dGhvcml6YXRpb24iLCJCYXNpYyAkY3JlZGVudGlhbHMiKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRleHRXZWJDbGllbnQuQ3JlZGVudGlhbHMgPSAkY3JlZGVudGlhbHMKICAgICAgICB9CiAgICB9CgogICAgaWYgKC1ub3QgJHdoYXRpZikgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICRleHRXZWJDbGllbnQuRG93bmxvYWRGaWxlKCR1cmwsICRkZXN0KQogICAgICAgIH0gQ2F0Y2ggW1N5c3RlbS5OZXQuV2ViRXhjZXB0aW9uXSB7CiAgICAgICAgICAgICRyZXN1bHQuc3RhdHVzX2NvZGUgPSBbaW50XSAkXy5FeGNlcHRpb24uUmVzcG9uc2UuU3RhdHVzQ29kZQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJFcnJvciBkb3dubG9hZGluZyAnJHVybCcgdG8gJyRkZXN0JzogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfSBDYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIlVua25vd24gZXJyb3IgZG93bmxvYWRpbmcgJyR1cmwnIHRvICckZGVzdCc6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgIH0KICAgIH0KCiAgICAkcmVzdWx0LnN0YXR1c19jb2RlID0gMjAwCiAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgJHJlc3VsdC5tc2cgPSAnT0snCiAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAp9CgokdXJsID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInVybCIgLXR5cGUgInN0ciIgLWZhaWxpZmVtcHR5ICR0cnVlCiRkZXN0ID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImRlc3QiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUKJHRpbWVvdXQgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAidGltZW91dCIgLXR5cGUgImludCIgLWRlZmF1bHQgMTAKJGhlYWRlcnMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiaGVhZGVycyIgLXR5cGUgImRpY3QiIC1kZWZhdWx0IEB7fQokc2tpcF9jZXJ0aWZpY2F0ZV92YWxpZGF0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNraXBfY2VydGlmaWNhdGVfdmFsaWRhdGlvbiIgLXR5cGUgImJvb2wiCiR2YWxpZGF0ZV9jZXJ0cyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJ2YWxpZGF0ZV9jZXJ0cyIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiR1cmxfdXNlcm5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAidXJsX3VzZXJuYW1lIiAtdHlwZSAic3RyIiAtYWxpYXNlcyAidXNlcm5hbWUiCiR1cmxfcGFzc3dvcmQgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAidXJsX3Bhc3N3b3JkIiAtdHlwZSAic3RyIiAtYWxpYXNlcyAicGFzc3dvcmQiCiRmb3JjZV9iYXNpY19hdXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImZvcmNlX2Jhc2ljX2F1dGgiIC10eXBlICJib29sIiAtZGVmYXVsdCAkZmFsc2UKJHVzZV9wcm94eSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJ1c2VfcHJveHkiIC10eXBlICJib29sIiAtZGVmYXVsdCAkdHJ1ZQokcHJveHlfdXJsID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInByb3h5X3VybCIgLXR5cGUgInN0ciIKJHByb3h5X3VzZXJuYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInByb3h5X3VzZXJuYW1lIiAtdHlwZSAic3RyIgokcHJveHlfcGFzc3dvcmQgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicHJveHlfcGFzc3dvcmQiIC10eXBlICJzdHIiCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgIGRlc3QgPSAkZGVzdAogICAgdXJsID0gJHVybAogICAgIyBUaGlzIGlzIGRlcHJlY2F0ZWQgYXMgb2YgdjIuNCwgcmVtb3ZlIGluIHYyLjgKICAgIHdpbl9nZXRfdXJsID0gQHsKICAgICAgICBkZXN0ID0gJGRlc3QKICAgICAgICB1cmwgPSAkdXJsCiAgICB9Cn0KCmlmICgtbm90ICR1c2VfcHJveHkgLWFuZCAoJHByb3h5X3VybCAtb3IgJHByb3h5X3VzZXJuYW1lIC1vciAkcHJveHlfcGFzc3dvcmQpKSB7CiAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1zZyAiTm90IHVzaW5nIGEgcHJveHkgb24gcmVxdWVzdCwgaG93ZXZlciBhICdwcm94eV91cmwnLCAncHJveHlfdXNlcm5hbWUnIG9yICdwcm94eV9wYXNzd29yZCcgd2FzIGRlZmluZWQuIgp9CgokcHJveHkgPSAkbnVsbAppZiAoJHByb3h5X3VybCkgewogICAgJHByb3h5ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYlByb3h5KCRwcm94eV91cmwsICR0cnVlKQogICAgaWYgKCRwcm94eV91c2VybmFtZSAtYW5kICRwcm94eV9wYXNzd29yZCkgewogICAgICAgICRwcm94eV9jcmVkZW50aWFsID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0Lk5ldHdvcmtDcmVkZW50aWFsKCRwcm94eV91c2VybmFtZSwgJHByb3h5X3Bhc3N3b3JkKQogICAgICAgICRwcm94eS5DcmVkZW50aWFscyA9ICRwcm94eV9jcmVkZW50aWFsCiAgICB9Cn0KCiRjcmVkZW50aWFscyA9ICRudWxsCmlmICgkdXJsX3VzZXJuYW1lKSB7CiAgICBpZiAoJGZvcmNlX2Jhc2ljX2F1dGgpIHsKICAgICAgICAkY3JlZGVudGlhbHMgPSBbY29udmVydF06OlRvQmFzZTY0U3RyaW5nKFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OkFTQ0lJLkdldEJ5dGVzKCR1cmxfdXNlcm5hbWUrIjoiKyR1cmxfcGFzc3dvcmQpKQogICAgfSBlbHNlIHsKICAgICAgICAkY3JlZGVudGlhbHMgPSBOZXctT2JqZWN0IFN5c3RlbS5OZXQuTmV0d29ya0NyZWRlbnRpYWwoJHVybF91c2VybmFtZSwgJHVybF9wYXNzd29yZCkgCiAgICB9CiAgICAKfQoKIyBJZiBza2lwX2NlcnRpZmljYXRlX3ZhbGlkYXRpb24gd2FzIHNwZWNpZmllZCwgdXNlIHZhbGlkYXRlX2NlcnRzCmlmICgkc2tpcF9jZXJ0aWZpY2F0ZV92YWxpZGF0aW9uIC1uZSAkbnVsbCkgewogICAgQWRkLURlcHJlY2F0aW9uV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIlRoZSBwYXJhbWV0ZXIgJ3NraXBfY2VydGlmaWNhdGVfdmFsaWRhdGlvbicgaXMgYmVpbmcgcmVwbGFjZWQgd2l0aCAndmFsaWRhdGVfY2VydHMnIiAtdmVyc2lvbiAyLjgKICAgICR2YWxpZGF0ZV9jZXJ0cyA9IC1ub3QgJHNraXBfY2VydGlmaWNhdGVfdmFsaWRhdGlvbgp9CgppZiAoLW5vdCAkdmFsaWRhdGVfY2VydHMpIHsKICAgIFtTeXN0ZW0uTmV0LlNlcnZpY2VQb2ludE1hbmFnZXJdOjpTZXJ2ZXJDZXJ0aWZpY2F0ZVZhbGlkYXRpb25DYWxsYmFjayA9IHsgJHRydWUgfQp9CgojIFVzZSBsYXN0IHBhcnQgb2YgdXJsIGZvciBkZXN0IGZpbGUgbmFtZSBpZiBhIGRpcmVjdG9yeSBpcyBzdXBwbGllZCBmb3IgJGRlc3QKaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikgewogICAgJHVyaSA9IFtTeXN0ZW0uVXJpXSR1cmwKICAgICRiYXNlbmFtZSA9IFNwbGl0LVBhdGggLVBhdGggJHVyaS5Mb2NhbFBhdGggLUxlYWYKICAgIGlmICgkdXJpLkxvY2FsUGF0aCAtYW5kICR1cmkuTG9jYWxQYXRoIC1uZSAnLycgLWFuZCAkYmFzZW5hbWUpIHsKICAgICAgICAkdXJsX2Jhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkdXJpLkxvY2FsUGF0aCAtTGVhZgogICAgICAgICRkZXN0ID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJHVybF9iYXNlbmFtZQogICAgfSBlbHNlIHsKICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICR1cmkuSG9zdAogICAgfQp9IGVsc2VpZiAoKFtTeXN0ZW0uSU8uUGF0aF06OkdldEZpbGVOYW1lKCRkZXN0KSkgLWVxICcnKSB7CiAgICAjIFdlIGhhdmUgYSB0cmFpbGluZyBwYXRoIHNlcGFyYXRvcgogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiVGhlIGRlc3RpbmF0aW9uIHBhdGggJyRkZXN0JyBkb2VzIG5vdCBleGlzdCwgb3IgaXMgbm90IHZpc2libGUgdG8gdGhlIGN1cnJlbnQgdXNlci4gIEVuc3VyZSBkb3dubG9hZCBkZXN0aW5hdGlvbiBmb2xkZXIgZXhpc3RzIChwZXJoYXBzIHVzaW5nIHdpbl9maWxlIHN0YXRlPWRpcmVjdG9yeSkgYmVmb3JlIHdpbl9nZXRfdXJsIHJ1bnMuIgp9CiRyZXN1bHQuZGVzdCA9ICRkZXN0CiRyZXN1bHQud2luX2dldF91cmwuZGVzdCA9ICRkZXN0CgojIEVuYWJsZSBUTFMxLjEvVExTMS4yIGlmIHRoZXkncmUgYXZhaWxhYmxlIGJ1dCBkaXNhYmxlZCAoZWcuIC5ORVQgNC41KQokc2VjdXJpdHlfcHJvdGNvbHMgPSBbTmV0LlNlcnZpY2VQb2ludE1hbmFnZXJdOjpTZWN1cml0eVByb3RvY29sIC1ib3IgW05ldC5TZWN1cml0eVByb3RvY29sVHlwZV06OlN5c3RlbURlZmF1bHQKaWYgKFtOZXQuU2VjdXJpdHlQcm90b2NvbFR5cGVdLkdldE1lbWJlcigiVGxzMTEiKS5Db3VudCAtZ3QgMCkgewogICAgJHNlY3VyaXR5X3Byb3Rjb2xzID0gJHNlY3VyaXR5X3Byb3Rjb2xzIC1ib3IgW05ldC5TZWN1cml0eVByb3RvY29sVHlwZV06OlRsczExCn0KaWYgKFtOZXQuU2VjdXJpdHlQcm90b2NvbFR5cGVdLkdldE1lbWJlcigiVGxzMTIiKS5Db3VudCAtZ3QgMCkgewogICAgJHNlY3VyaXR5X3Byb3Rjb2xzID0gJHNlY3VyaXR5X3Byb3Rjb2xzIC1ib3IgW05ldC5TZWN1cml0eVByb3RvY29sVHlwZV06OlRsczEyCn0KW05ldC5TZXJ2aWNlUG9pbnRNYW5hZ2VyXTo6U2VjdXJpdHlQcm90b2NvbCA9ICRzZWN1cml0eV9wcm90Y29scwoKaWYgKCRmb3JjZSAtb3IgLW5vdCAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkZGVzdCkpIHsKCiAgICBEb3dubG9hZC1GaWxlIC1yZXN1bHQgJHJlc3VsdCAtdXJsICR1cmwgLWRlc3QgJGRlc3QgLWNyZWRlbnRpYWxzICRjcmVkZW50aWFscyBgCiAgICAgICAgICAgICAgICAgIC1oZWFkZXJzICRoZWFkZXJzIC10aW1lb3V0ICR0aW1lb3V0IC11c2VfcHJveHkgJHVzZV9wcm94eSAtcHJveHkgJHByb3h5IGAKICAgICAgICAgICAgICAgICAgLXdoYXRpZiAkY2hlY2tfbW9kZQoKfSBlbHNlIHsKCiAgICAkaXNfbW9kaWZpZWQgPSBDaGVja01vZGlmaWVkLUZpbGUgLXJlc3VsdCAkcmVzdWx0IC11cmwgJHVybCAtZGVzdCAkZGVzdCAtY3JlZGVudGlhbHMgJGNyZWRlbnRpYWxzIGAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtaGVhZGVycyAkaGVhZGVycyAtdGltZW91dCAkdGltZW91dCAtdXNlX3Byb3h5ICR1c2VfcHJveHkgLXByb3h5ICRwcm94eQoKICAgIGlmICgkaXNfbW9kaWZpZWQpIHsKCiAgICAgICAgRG93bmxvYWQtRmlsZSAtcmVzdWx0ICRyZXN1bHQgLXVybCAkdXJsIC1kZXN0ICRkZXN0IC1jcmVkZW50aWFscyAkY3JlZGVudGlhbHMgYAogICAgICAgICAgICAgICAgICAgICAgLWhlYWRlcnMgJGhlYWRlcnMgLXRpbWVvdXQgJHRpbWVvdXQgLXVzZV9wcm94eSAkdXNlX3Byb3h5IC1wcm94eSAkcHJveHkgYAogICAgICAgICAgICAgICAgICAgICAgLXdoYXRpZiAkY2hlY2tfbW9kZQoKICAgIH0KfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAoK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": false, "_ansible_no_log": false, "url": "https://bootstrap.pypa.io/get-pip.py", "_ansible_module_name": "win_get_url", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "dest": "c:\\openstack\\tmp\\get-pip.py", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: e4f4b806-df32-4af9-b4c8-0894498bb5bc Path:	4104	1		3	2	15	0	1812	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	4544	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:59 PM	839e3e65-ff4b-0002-efe5-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): oZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIFBhdWwgRHVyaXZhZ2UgPHBhdWwuZHVyaXZhZ2VAcmFja3NwYWNlLmNvbT4KIyBDb3B5cmlnaHQ6IChjKSAyMDE1LCBUYWwgQXVzbGFuZGVyIDx0YWxAY2xvdWRzaGFyZS5jb20+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgRGFnIFdpZWVycyA8ZGFnQHdpZWVycy5jb20+CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MgLXN1cHBvcnRzX2NoZWNrX21vZGUgJHRydWUKJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokX3JlbW90ZV90bXAgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJhbXMgIl9hbnNpYmxlX3JlbW90ZV90bXAiIC10eXBlICJwYXRoIiAtZGVmYXVsdCAkZW52OlRNUAoKJHdlYmNsaWVudF91dGlsID0gQCIKICAgIHVzaW5nIFN5c3RlbS5OZXQ7CiAgICBwdWJsaWMgY2xhc3MgRXh0ZW5kZWRXZWJDbGllbnQgOiBXZWJDbGllbnQgewogICAgICAgIHB1YmxpYyBpbnQgVGltZW91dDsKCiAgICAgICAgcHVibGljIEV4dGVuZGVkV2ViQ2xpZW50KCkgewogICAgICAgICAgICBUaW1lb3V0ID0gNjAwMDAwOyAvLyBEZWZhdWx0IHRpbWVvdXQgdmFsdWUKICAgICAgICB9CgogICAgICAgIHByb3RlY3RlZCBvdmVycmlkZSBXZWJSZXF1ZXN0IEdldFdlYlJlcXVlc3QoU3lzdGVtLlVyaSBhZGRyZXNzKSB7CiAgICAgICAgICAgIFdlYlJlcXVlc3QgcmVxdWVzdCA9IGJhc2UuR2V0V2ViUmVxdWVzdChhZGRyZXNzKTsKICAgICAgICAgICAgcmVxdWVzdC5UaW1lb3V0ID0gVGltZW91dDsKICAgICAgICAgICAgcmV0dXJuIHJlcXVlc3Q7CiAgICAgICAgfQogICAgfQoiQAokb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKJGVudjpUTVAgPSAkX3JlbW90ZV90bXAKQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICR3ZWJjbGllbnRfdXRpbAokZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKCgpGdW5jdGlvbiBDaGVja01vZGlmaWVkLUZpbGUoJHVybCwgJGRlc3QsICRoZWFkZXJzLCAkY3JlZGVudGlhbHMsICR0aW1lb3V0LCAkdXNlX3Byb3h5LCAkcHJveHkpIHsKCiAgICAkZmlsZUxhc3RNb2QgPSAoW1N5c3RlbS5JTy5GaWxlSW5mb10kZGVzdCkuTGFzdFdyaXRlVGltZVV0YwogICAgJHdlYkxhc3RNb2QgPSAkbnVsbAoKICAgICR3ZWJSZXF1ZXN0ID0gW1N5c3RlbS5OZXQuV2ViUmVxdWVzdF06OkNyZWF0ZSgkdXJsKQogICAgCiAgICBmb3JlYWNoICgkaGVhZGVyIGluICRoZWFkZXJzLkdldEVudW1lcmF0b3IoKSkgewogICAgICAgICR3ZWJSZXF1ZXN0LkhlYWRlcnMuQWRkKCRoZWFkZXIuTmFtZSwgJGhlYWRlci5WYWx1ZSkKICAgIH0KCiAgICBpZiAoJHRpbWVvdXQpIHsKICAgICAgICAkd2ViUmVxdWVzdC5UaW1lb3V0ID0gJHRpbWVvdXQgKiAxMDAwCiAgICB9CgogICAgaWYgKC1ub3QgJHVzZV9wcm94eSkgewogICAgICAgICMgSWdub3JlIHRoZSBzeXN0ZW0gcHJveHkgc2V0dGluZ3MKICAgICAgICAkd2ViUmVxdWVzdC5Qcm94eSA9ICRudWxsCiAgICB9IGVsc2VpZiAoJHByb3h5KSB7CiAgICAgICAgJHdlYlJlcXVlc3QuUHJveHkgPSAkcHJveHkKICAgIH0KCiAgICBpZiAoJGNyZWRlbnRpYWxzKSB7CiAgICAgICAgaWYgKCRmb3JjZV9iYXNpY19hdXRoKSB7CiAgICAgICAgICAgICR3ZWJSZXF1ZXN0LkhlYWRlcnMuQWRkKCJBdXRob3JpemF0aW9uIiwgIkJhc2ljICRjcmVkZW50aWFscyIpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHdlYlJlcXVlc3QuQ3JlZGVudGlhbHMgPSAkY3JlZGVudGlhbHMKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3ZWJSZXF1ZXN0IC1pcyBbU3lzdGVtLk5ldC5GdHBXZWJSZXF1ZXN0XSkgewogICAgICAgICR3ZWJSZXF1ZXN0Lk1ldGhvZCA9IFtTeXN0ZW0uTmV0LldlYlJlcXVlc3RNZXRob2RzK0Z0cF06OkdldERhdGVUaW1lc3RhbXAKICAgIH0gZWxzZSB7CiAgICAgICAgJHdlYlJlcXVlc3QuTWV0aG9kID0gW1N5c3RlbS5OZXQuV2ViUmVxdWVzdE1ldGhvZHMrSHR0cF06OkhlYWQKICAgIH0KICAgIAogICAgVHJ5IHsKICAgICAgICAkd2ViUmVzcG9uc2UgPSAkd2ViUmVxdWVzdC5HZXRSZXNwb25zZSgpCgogICAgICAgICR3ZWJMYXN0TW9kID0gJHdlYlJlc3BvbnNlLkxhc3RNb2RpZmllZAogICAgfSBDYXRjaCBbU3lzdGVtLk5ldC5XZWJFeGNlcHRpb25dIHsKICAgICAgICAkcmVzdWx0LnN0YXR1c19jb2RlID0gJF8uRXhjZXB0aW9uLlJlc3BvbnNlLlN0YXR1c0NvZGUKICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJFcnJvciByZXF1ZXN0aW5nICckdXJsJy4gJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICB9IENhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJFcnJvciB3aGVuIHJlcXVlc3RpbmcgJ0xhc3QtTW9kaWZpZWQnIGRhdGUgZnJvbSAnJHVybCcuICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgJHJlc3VsdC5zdGF0dXNfY29kZSA9IFtpbnRdICR3ZWJSZXNwb25zZS5TdGF0dXNDb2RlCiAgICAkcmVzdWx0Lm1zZyA9ICR3ZWJSZXNwb25zZS5TdGF0dXNEZXNjcmlwdGlvbgogICAgJHdlYlJlc3BvbnNlLkNsb3NlKCkKCiAgICBpZiAoJHdlYkxhc3RNb2QgLWFuZCAoKEdldC1EYXRlIC1EYXRlICR3ZWJMYXN0TW9kKS5Ub1VuaXZlcnNhbFRpbWUoKSAtbHQgJGZpbGVMYXN0TW9kKSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCgpGdW5jdGlvbiBEb3dubG9hZC1GaWxlKCRyZXN1bHQsICR1cmwsICRkZXN0LCAkaGVhZGVycywgJGNyZWRlbnRpYWxzLCAkdGltZW91dCwgJHVzZV9wcm94eSwgJHByb3h5LCAkd2hhdGlmKSB7CgogICAgIyBDaGVjayAkZGVzdCBwYXJlbnQgZm9sZGVyIGV4aXN0cyBiZWZvcmUgYXR0ZW1wdGluZyBkb3dubG9hZCwgd2hpY2ggYXZvaWRzIHVuaGVscGZ1bCBnZW5lcmljIGVycm9yIG1lc3NhZ2UuCiAgICAkZGVzdF9wYXJlbnQgPSBTcGxpdC1QYXRoIC1MaXRlcmFsUGF0aCAkZGVzdAogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJGRlc3RfcGFyZW50IC1QY ScriptBlock ID: e4f4b806-df32-4af9-b4c8-0894498bb5bc Path:	4104	1		3	2	15	0	1811	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	4544	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:59 PM	839e3e65-ff4b-0002-efe5-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGN ScriptBlock ID: e4f4b806-df32-4af9-b4c8-0894498bb5bc Path:	4104	1		3	2	15	0	1810	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	4544	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:59 PM	839e3e65-ff4b-0002-efe5-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1809	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	3032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:59 PM	839e3e65-ff4b-0002-ede5-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4524 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1808	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	3184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:59 PM	839e3e65-ff4b-0002-ede5-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1807	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	3032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:59 PM	839e3e65-ff4b-0002-ede5-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # WANT_JSON #Requires -Module Ansible.ModuleUtils.Legacy Set-StrictMode -Version 2 $ErrorActionPreference = "Stop" $parsed_args = Parse-Args $args -supports_check_mode $true $result = @{changed=$false} $var_name = Get-AnsibleParam $parsed_args "name" -Default "PATH" $elements = Get-AnsibleParam $parsed_args "elements" -FailIfEmpty $result $state = Get-AnsibleParam $parsed_args "state" -Default "present" -ValidateSet "present","absent" $scope = Get-AnsibleParam $parsed_args "scope" -Default "machine" -ValidateSet "machine","user" $check_mode = Get-AnsibleParam $parsed_args "_ansible_check_mode" -Default $false If ($elements -is [string]) { $elements = @($elements) } If ($elements -isnot [Array]) { Fail-Json $result "elements must be a string or list of path strings" } [System.Collections.ArrayList] $path = [System.Environment]::GetEnvironmentVariable("PATH", $scope).Split(';') $result.path_value = $path -join ";" foreach ($element in $elements) { if ($state -eq "present") { if ($path -notcontains $element){ $result.changed = $true $path.Add($element) } } else { if ($path -contains $element) { $path.Remove($element) $result.changed = $true } } } If ($result.changed -and -not $check_mode) { $result.path_value = $path -join ";" [Environment]::SetEnvironmentVariable("Path", ($path -join ";"), [System.EnvironmentVariableTarget]::$scope ) } Exit-Json $result ScriptBlock ID: f90d969b-a072-4c9e-969d-57340a75dd3c Path:	4104	1		3	2	15	0	1806	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4892	4872	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:58 PM	839e3e65-ff4b-0002-d9e5-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 078093ac-ad9d-4c41-b6b6-d79b29662e74 Path:	4104	1		3	2	15	0	1805	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4892	3976	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:58 PM	839e3e65-ff4b-0000-e952-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 65089484-22b0-4e72-ad79-062b35136706 Path:	4104	1		3	2	15	0	1804	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4892	3976	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:58 PM	839e3e65-ff4b-0000-da52-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIFdBTlRfSlNPTgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKU2V0LVN0cmljdE1vZGUgLVZlcnNpb24gMgokRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIlN0b3AiCgokcGFyc2VkX2FyZ3MgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcmVzdWx0ID0gQHtjaGFuZ2VkPSRmYWxzZX0KCiR2YXJfbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcnNlZF9hcmdzICJuYW1lIiAtRGVmYXVsdCAiUEFUSCIKJGVsZW1lbnRzID0gR2V0LUFuc2libGVQYXJhbSAkcGFyc2VkX2FyZ3MgImVsZW1lbnRzIiAtRmFpbElmRW1wdHkgJHJlc3VsdAokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJzZWRfYXJncyAic3RhdGUiIC1EZWZhdWx0ICJwcmVzZW50IiAtVmFsaWRhdGVTZXQgInByZXNlbnQiLCJhYnNlbnQiCiRzY29wZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcnNlZF9hcmdzICJzY29wZSIgLURlZmF1bHQgIm1hY2hpbmUiIC1WYWxpZGF0ZVNldCAibWFjaGluZSIsInVzZXIiCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcnNlZF9hcmdzICJfYW5zaWJsZV9jaGVja19tb2RlIiAtRGVmYXVsdCAkZmFsc2UKCklmICgkZWxlbWVudHMgLWlzIFtzdHJpbmddKSB7CiAgICAkZWxlbWVudHMgPSBAKCRlbGVtZW50cykKfQoKSWYgKCRlbGVtZW50cyAtaXNub3QgW0FycmF5XSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgImVsZW1lbnRzIG11c3QgYmUgYSBzdHJpbmcgb3IgbGlzdCBvZiBwYXRoIHN0cmluZ3MiCn0KCltTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0XSAkcGF0aCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpHZXRFbnZpcm9ubWVudFZhcmlhYmxlKCJQQVRIIiwgJHNjb3BlKS5TcGxpdCgnOycpCiRyZXN1bHQucGF0aF92YWx1ZSA9ICRwYXRoIC1qb2luICI7IgoKCmZvcmVhY2ggKCRlbGVtZW50IGluICRlbGVtZW50cykgewogICAgaWYgKCRzdGF0ZSAtZXEgInByZXNlbnQiKSB7CiAgICAgICAgaWYgKCRwYXRoIC1ub3Rjb250YWlucyAkZWxlbWVudCl7CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICAgICAgICAgICRwYXRoLkFkZCgkZWxlbWVudCkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgIGlmICgkcGF0aCAtY29udGFpbnMgJGVsZW1lbnQpIHsKICAgICAgICAgICAgJHBhdGguUmVtb3ZlKCRlbGVtZW50KQogICAgICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgICAgIH0KICAgIH0KfQoKSWYgKCRyZXN1bHQuY2hhbmdlZCAtYW5kIC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICRyZXN1bHQucGF0aF92YWx1ZSA9ICRwYXRoIC1qb2luICI7IgogICAgW0Vudmlyb25tZW50XTo6U2V0RW52aXJvbm1lbnRWYXJpYWJsZSgiUGF0aCIsICgkcGF0aCAtam9pbiAiOyIpLCBbU3lzdGVtLkVudmlyb25tZW50VmFyaWFibGVUYXJnZXRdOjokc2NvcGUgKQp9CgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "elements": ["c:\\python37", "c:\\python37\\scripts"], "_ansible_no_log": false, "_ansible_module_name": "cb_path", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "present", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 03228d10-c290-4c82-a287-6bb5357af25d Path:	4104	1		3	2	15	0	1803	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4892	3976	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:57 PM	839e3e65-ff4b-0000-d452-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2Fy ScriptBlock ID: 03228d10-c290-4c82-a287-6bb5357af25d Path:	4104	1		3	2	15	0	1802	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4892	3976	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:57 PM	839e3e65-ff4b-0000-d452-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1801	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4892	4552	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:57 PM	839e3e65-ff4b-0001-a34c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4892 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1800	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4892	2260	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:57 PM	839e3e65-ff4b-0001-a34c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1799	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4892	4552	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:57 PM	839e3e65-ff4b-0001-a34c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = d2856338-92af-4cb6-8409-59f29a6a4dbc Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 1cb29324-85ea-4a0c-997e-fd31edceb403 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1798	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	4156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:43 PM	839e3e65-ff4b-0000-ad4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # WANT_JSON #Requires -Module Ansible.ModuleUtils.Legacy $params = Parse-Args $args; $result = @{ cb_unzip = @{} changed = $false } $creates = Get-AnsibleParam -obj $params -name "creates" -type "path" If ($creates -ne $null) { If (Test-Path $creates) { $result.msg = "The 'creates' file or directory ($creates) already exists." Exit-Json $result } } $overwrite = Get-AnsibleParam -obj $params -name "overwrite" -type "bool" -default "false" -ValidateSet "true","false" $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty $true If (-Not (Test-Path -path $src)){ Fail-Json $result "src file: $src does not exist." } $ext = [System.IO.Path]::GetExtension($src) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true If (-Not (Test-Path $dest -PathType Container)){ Try{ New-Item -itemtype directory -path $dest } Catch { $err_msg = $_.Exception.Message Fail-Json $result "Error creating $dest directory! Msg: $err_msg" } } $rm = ConvertTo-Bool (Get-AnsibleParam -obj $params -name "rm" -default "false") If ($ext -eq ".zip") { Try { Add-Type -AssemblyName System.IO.Compression.FileSystem $archive = [System.IO.Compression.ZipFile]::OpenRead($src) foreach ($entry in $archive.Entries) { $entryTargetFilePath = [System.IO.Path]::Combine($dest, $entry.FullName) $entryDir = [System.IO.Path]::GetDirectoryName($entryTargetFilePath) #Ensure the directory of the archive entry exists if(!(Test-Path $entryDir )){ New-Item -ItemType Directory -Path $entryDir | Out-Null } #If the entry is not a directory entry, then extract entry if(!$entryTargetFilePath.EndsWith("\")){ if(Test-Path -path $entryTargetFilePath){ if ($overwrite){ [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entryTargetFilePath, $true); $result.changed = $true } } Else { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entryTargetFilePath, $false); $result.changed = $true } } } } Catch { $err_msg = $_.Exception.Message Fail-Json $result "Error unzipping $src to $dest! Msg: $err_msg" } } # Requires PSCX Else { # Check if PSCX is installed $list = Get-Module -ListAvailable If (-Not ($list -match "PSCX")) { Fail-Json $result "PowerShellCommunityExtensions PowerShell Module (PSCX) is required for non-'.zip' compressed archive types." } Else { $result.cb_unzip.pscx_status = "present" } # Import Try { Import-Module PSCX } Catch { Fail-Json $result "Error importing module PSCX" } Try { Expand-Archive -Path $src -OutputPath $dest -Force $result.changed = $true } Catch { $err_msg = $_.Exception.Message Fail-Json $result "Error expanding $src to $dest! Msg: $err_msg" } } If ($rm -eq $true){ Remove-Item $src -Recurse -Force $result.cb_unzip.rm = "true" } # Fixes a fail error message (when the task actually succeeds) for a "Convert-ToJson: The converted JSON string is in bad format" # This happens when JSON is parsing a string that ends with a "\", which is possible when specifying a directory to download to. # This catches that possible error, before assigning the JSON $result If ($src[$src.length-1] -eq "\") { $src = $src.Substring(0, $src.length-1) } If ($dest[$dest.length-1] -eq "\") { $dest = $dest.Substring(0, $dest.length-1) } $result.cb_unzip.src = $src.toString() $result.cb_unzip.dest = $dest.toString() Exit-Json $result ScriptBlock ID: c4d05370-21e0-47dc-bd74-c9867ed14a13 Path:	4104	1		3	2	15	0	1797	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	4156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:43 PM	839e3e65-ff4b-0000-9b4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 606b5b44-1f27-4c38-9b18-5d7a40ff014c Path:	4104	1		3	2	15	0	1796	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	3252	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:43 PM	839e3e65-ff4b-0005-814a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 033329a1-0325-4277-97d1-3d867bd2327e Path:	4104	1		3	2	15	0	1795	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	3252	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:43 PM	839e3e65-ff4b-0005-724a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): luZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIFdBTlRfSlNPTgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzOwoKJHJlc3VsdCA9IEB7CiAgICBjYl91bnppcCA9IEB7fQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokY3JlYXRlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJjcmVhdGVzIiAtdHlwZSAicGF0aCIKSWYgKCRjcmVhdGVzIC1uZSAkbnVsbCkgewogICAgSWYgKFRlc3QtUGF0aCAkY3JlYXRlcykgewogICAgICAgICRyZXN1bHQubXNnID0gIlRoZSAnY3JlYXRlcycgZmlsZSBvciBkaXJlY3RvcnkgKCRjcmVhdGVzKSBhbHJlYWR5IGV4aXN0cy4iCiAgICAgICAgRXhpdC1Kc29uICRyZXN1bHQKICAgIH0KfQoKJG92ZXJ3cml0ZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJvdmVyd3JpdGUiIC10eXBlICJib29sIiAtZGVmYXVsdCAiZmFsc2UiIC1WYWxpZGF0ZVNldCAidHJ1ZSIsImZhbHNlIgoKJHNyYyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJzcmMiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUKSWYgKC1Ob3QgKFRlc3QtUGF0aCAtcGF0aCAkc3JjKSl7CiAgICBGYWlsLUpzb24gJHJlc3VsdCAic3JjIGZpbGU6ICRzcmMgZG9lcyBub3QgZXhpc3QuIgp9CgokZXh0ID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RXh0ZW5zaW9uKCRzcmMpCgoKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQpJZiAoLU5vdCAoVGVzdC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKXsKICAgIFRyeXsKICAgICAgICBOZXctSXRlbSAtaXRlbXR5cGUgZGlyZWN0b3J5IC1wYXRoICRkZXN0CiAgICB9CiAgICBDYXRjaCB7CiAgICAgICAgJGVycl9tc2cgPSAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJFcnJvciBjcmVhdGluZyAkZGVzdCBkaXJlY3RvcnkhIE1zZzogJGVycl9tc2ciCiAgICB9Cn0KCiRybSA9IENvbnZlcnRUby1Cb29sIChHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicm0iIC1kZWZhdWx0ICJmYWxzZSIpCgpJZiAoJGV4dCAtZXEgIi56aXAiKSB7CiAgICBUcnkgewogICAgICAgIEFkZC1UeXBlIC1Bc3NlbWJseU5hbWUgU3lzdGVtLklPLkNvbXByZXNzaW9uLkZpbGVTeXN0ZW0KICAgICAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW5SZWFkKCRzcmMpCiAgICAgICAgZm9yZWFjaCAoJGVudHJ5IGluICRhcmNoaXZlLkVudHJpZXMpCiAgICAgICAgewogICAgICAgICAgICAkZW50cnlUYXJnZXRGaWxlUGF0aCA9IFtTeXN0ZW0uSU8uUGF0aF06OkNvbWJpbmUoJGRlc3QsICRlbnRyeS5GdWxsTmFtZSkKICAgICAgICAgICAgJGVudHJ5RGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZW50cnlUYXJnZXRGaWxlUGF0aCkKICAgICAgICAKICAgICAgICAgICAgI0Vuc3VyZSB0aGUgZGlyZWN0b3J5IG9mIHRoZSBhcmNoaXZlIGVudHJ5IGV4aXN0cwogICAgICAgICAgICBpZighKFRlc3QtUGF0aCAkZW50cnlEaXIgKSl7CiAgICAgICAgICAgICAgICBOZXctSXRlbSAtSXRlbVR5cGUgRGlyZWN0b3J5IC1QYXRoICRlbnRyeURpciB8IE91dC1OdWxsIAogICAgICAgICAgICB9CiAgICAgICAgICAgIAogICAgICAgICAgICAjSWYgdGhlIGVudHJ5IGlzIG5vdCBhIGRpcmVjdG9yeSBlbnRyeSwgdGhlbiBleHRyYWN0IGVudHJ5CiAgICAgICAgICAgIGlmKCEkZW50cnlUYXJnZXRGaWxlUGF0aC5FbmRzV2l0aCgiXCIpKXsKICAgICAgICAgICAgICAgIGlmKFRlc3QtUGF0aCAtcGF0aCAkZW50cnlUYXJnZXRGaWxlUGF0aCl7CiAgICAgICAgICAgICAgICAgICAgaWYgKCRvdmVyd3JpdGUpewogICAgICAgICAgICAgICAgICAgICAgICBbU3lzdGVtLklPLkNvbXByZXNzaW9uLlppcEZpbGVFeHRlbnNpb25zXTo6RXh0cmFjdFRvRmlsZSgkZW50cnksICRlbnRyeVRhcmdldEZpbGVQYXRoLCAkdHJ1ZSk7CiAgICAgICAgICAgICAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICAgICAgICAgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBGaWxlRXh0ZW5zaW9uc106OkV4dHJhY3RUb0ZpbGUoJGVudHJ5LCAkZW50cnlUYXJnZXRGaWxlUGF0aCwgJGZhbHNlKTsKICAgICAgICAgICAgICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICRlcnJfbXNnID0gJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiRXJyb3IgdW56aXBwaW5nICRzcmMgdG8gJGRlc3QhIE1zZzogJGVycl9tc2ciCiAgICB9Cn0KIyBSZXF1aXJlcyBQU0NYCkVsc2UgewogICAgIyBDaGVjayBpZiBQU0NYIGlzIGluc3RhbGxlZAogICAgJGxpc3QgPSBHZXQtTW9kdWxlIC1MaXN0QXZhaWxhYmxlCgogICAgSWYgKC1Ob3QgKCRsaXN0IC1tYXRjaCAiUFNDWCIpKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIlBvd2VyU2hlbGxDb21tdW5pdHlFeHRlbnNpb25zIFBvd2VyU2hlbGwgTW9kdWxlIChQU0NYKSBpcyByZXF1aXJlZCBmb3Igbm9uLScuemlwJyBjb21wcmVzc2VkIGFyY2hpdmUgdHlwZXMuIgogICAgfQogICAgRWxzZSB7CiAgICAgICAgJHJlc3VsdC5jYl91bnppcC5wc2N4X3N0YXR1cyA9ICJwcmVzZW50IgogICAgfQoKICAgICMgSW1wb3J0CiAgICBUcnkgewogICAgICAgIEltcG9ydC1Nb2R1bGUgUFNDWAogICAgfQogICAgQ2F0Y2ggewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJFcnJvciBpbXBvcnRpbmcgbW9kdWxlIFBTQ1giCiAgICB9CgogICAgVHJ5IHsKICAgICAgICBFeHBhbmQtQXJjaGl2ZSAtUGF0aCAkc3JjIC1PdXRwdXRQYXRoICRkZXN0IC1Gb3JjZSAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICRlcnJfbXNnID0gJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiRXJyb3IgZXhwYW5kaW5nICRzcmMgdG8gJGRlc3QhIE1zZzogJGVycl9tc2ciCiAgICB9Cn0KCklmICgkcm0gLWVxICR0cnVlKXsKICAgIFJlbW92ZS1JdGVtICRzcmMgLVJlY3Vyc2UgLUZvcmNlCiAgICAkcmVzdWx0LmNiX3VuemlwLnJtID0gInRydWUiCn0KCiMgRml4ZXMgYSBmYWlsIGVycm9yIG1lc3NhZ2UgKHdoZW4gdGhlIHRhc2sgYWN0dWFsbHkgc3VjY2VlZHMpIGZvciBhICJDb252ZXJ0LVRvSnNvbjogVGhlIGNvbnZlcnRlZCBKU09OIHN0cmluZyBpcyBpbiBiYWQgZm9ybWF0IgojIFRoaXMgaGFwcGVucyB3aGVuIEpTT04gaXMgcGFyc2luZyBhIHN0cmluZyB0aGF0IGVuZHMgd2l0aCBhICJcIiwgd2hpY2ggaXMgcG9zc2libGUgd2hlbiBzcGVjaWZ5aW5nIGEgZGlyZWN0b3J5IHRvIGRvd25sb2FkIHRvLgojIFRoaXMgY2F0Y2hlcyB0aGF0IHBvc3NpYmxlIGVycm9yLCBiZWZvcmUgYXNzaWduaW5nIHRoZSBKU09OICRyZXN1bHQKSWYgKCRzcmNbJHNyYy5sZW5ndGgtMV0gLWVxICJcIikgewogICAgJHNyYyA9ICRzcmMuU3Vic3RyaW5nKDAsICRzcmMubGVuZ3RoLTEpCn0KSWYgKCRkZXN0WyRkZXN0Lmxlbmd0aC0xXSAtZXEgIlwiKSB7CiAgICAkZGVzdCA9ICRkZXN0LlN1YnN0cmluZygwLCAkZGVzdC5sZW5ndGgtMSkKfQokcmVzdWx0LmNiX3VuemlwLnNyYyA9ICRzcmMudG9TdHJpbmcoKQokcmVzdWx0LmNiX3VuemlwLmRlc3QgPSAkZGVzdC50b1N0cmluZygpCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "c:\\openstack\\tmp\\python.zip", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "c:\\python37", "_ansible_module_name": "cb_unzip", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 295547dd-4dec-48e2-943f-2232d69b81bf Path:	4104	1		3	2	15	0	1794	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	3252	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:43 PM	839e3e65-ff4b-0005-6c4a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cm ScriptBlock ID: 295547dd-4dec-48e2-943f-2232d69b81bf Path:	4104	1		3	2	15	0	1793	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	3252	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:43 PM	839e3e65-ff4b-0005-6c4a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1792	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	4232	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:43 PM	839e3e65-ff4b-0001-7f4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2744 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1791	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	4984	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:43 PM	839e3e65-ff4b-0001-7f4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1790	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	4232	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:43 PM	839e3e65-ff4b-0001-7f4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = dee27cc8-c3d7-40a5-bb05-16b11194f1f9 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = c64b05af-1410-4f97-a34d-c35baaecda34 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1789	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	2892	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:41 PM	839e3e65-ff4b-0000-954d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = dee27cc8-c3d7-40a5-bb05-16b11194f1f9 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = c64b05af-1410-4f97-a34d-c35baaecda34 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1788	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	2892	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:41 PM	839e3e65-ff4b-0002-90d0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: de87c041-9acd-4615-ad24-3d191d2280f9 Path:	4104	1		3	2	15	0	1787	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:40 PM	839e3e65-ff4b-0003-885e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 6f929b24-6d2c-4be8-8bab-22b511b90ad8 Path:	4104	1		3	2	15	0	1786	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:40 PM	839e3e65-ff4b-0003-845e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible ScriptBlock ID: 6f929b24-6d2c-4be8-8bab-22b511b90ad8 Path:	4104	1		3	2	15	0	1785	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:40 PM	839e3e65-ff4b-0003-845e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1e8b1caa-3b03-41ea-9196-881b9ea7868e Path:	4104	1		3	2	15	0	1784	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:40 PM	839e3e65-ff4b-0003-805e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: e3174c49-c04e-4a98-bba6-6d658d51ce62 Path:	4104	1		3	2	15	0	1783	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0003-715e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 8): _args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\tmp\\python.zip", "_ansible_tmpdir": null, "_ansible_check_mode": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 45659812-b1f3-4fd5-99f1-3992d77e27b1 Path:	4104	1		3	2	15	0	1782	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0003-6b5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 8): tZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module ScriptBlock ID: 45659812-b1f3-4fd5-99f1-3992d77e27b1 Path:	4104	1		3	2	15	0	1781	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0003-6b5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 8): zCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmF ScriptBlock ID: 45659812-b1f3-4fd5-99f1-3992d77e27b1 Path:	4104	1		3	2	15	0	1780	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0003-6b5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 8): CAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2F ScriptBlock ID: 45659812-b1f3-4fd5-99f1-3992d77e27b1 Path:	4104	1		3	2	15	0	1779	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0003-6b5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 8): CAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgI ScriptBlock ID: 45659812-b1f3-4fd5-99f1-3992d77e27b1 Path:	4104	1		3	2	15	0	1778	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0003-6b5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 8): D0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogI ScriptBlock ID: 45659812-b1f3-4fd5-99f1-3992d77e27b1 Path:	4104	1		3	2	15	0	1777	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0003-6b5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 8): W50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyI ScriptBlock ID: 45659812-b1f3-4fd5-99f1-3992d77e27b1 Path:	4104	1		3	2	15	0	1776	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0003-6b5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 8): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgS ScriptBlock ID: 45659812-b1f3-4fd5-99f1-3992d77e27b1 Path:	4104	1		3	2	15	0	1775	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	3244	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0003-6b5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1774	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	676	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0001-6c4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4612 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1773	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	1888	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0001-6c4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1772	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	676	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:39 PM	839e3e65-ff4b-0001-6c4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # WANT_JSON #Requires -Module Ansible.ModuleUtils.Legacy Set-StrictMode -Version 2 $ErrorActionPreference = "Stop" $parsed_args = Parse-Args $args -supports_check_mode $true $result = @{changed=$false} $var_name = Get-AnsibleParam $parsed_args "name" -Default "PATH" $elements = Get-AnsibleParam $parsed_args "elements" -FailIfEmpty $result $state = Get-AnsibleParam $parsed_args "state" -Default "present" -ValidateSet "present","absent" $scope = Get-AnsibleParam $parsed_args "scope" -Default "machine" -ValidateSet "machine","user" $check_mode = Get-AnsibleParam $parsed_args "_ansible_check_mode" -Default $false If ($elements -is [string]) { $elements = @($elements) } If ($elements -isnot [Array]) { Fail-Json $result "elements must be a string or list of path strings" } [System.Collections.ArrayList] $path = [System.Environment]::GetEnvironmentVariable("PATH", $scope).Split(';') $result.path_value = $path -join ";" foreach ($element in $elements) { if ($state -eq "present") { if ($path -notcontains $element){ $result.changed = $true $path.Add($element) } } else { if ($path -contains $element) { $path.Remove($element) $result.changed = $true } } } If ($result.changed -and -not $check_mode) { $result.path_value = $path -join ";" [Environment]::SetEnvironmentVariable("Path", ($path -join ";"), [System.EnvironmentVariableTarget]::$scope ) } Exit-Json $result ScriptBlock ID: f948240d-4c19-4717-8c3c-fa2518ca62f1 Path:	4104	1		3	2	15	0	1771	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	600	4960	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:38 PM	839e3e65-ff4b-0000-634d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 27fad1a7-7861-4939-b18d-954819d048e0 Path:	4104	1		3	2	15	0	1770	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	600	524	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:38 PM	839e3e65-ff4b-0005-514a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: ac68a3cd-ce83-4994-a2de-d5128c96fd0f Path:	4104	1		3	2	15	0	1769	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	600	524	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:38 PM	839e3e65-ff4b-0005-424a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): WxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIFdBTlRfSlNPTgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKU2V0LVN0cmljdE1vZGUgLVZlcnNpb24gMgokRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIlN0b3AiCgokcGFyc2VkX2FyZ3MgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcmVzdWx0ID0gQHtjaGFuZ2VkPSRmYWxzZX0KCiR2YXJfbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcnNlZF9hcmdzICJuYW1lIiAtRGVmYXVsdCAiUEFUSCIKJGVsZW1lbnRzID0gR2V0LUFuc2libGVQYXJhbSAkcGFyc2VkX2FyZ3MgImVsZW1lbnRzIiAtRmFpbElmRW1wdHkgJHJlc3VsdAokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJzZWRfYXJncyAic3RhdGUiIC1EZWZhdWx0ICJwcmVzZW50IiAtVmFsaWRhdGVTZXQgInByZXNlbnQiLCJhYnNlbnQiCiRzY29wZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcnNlZF9hcmdzICJzY29wZSIgLURlZmF1bHQgIm1hY2hpbmUiIC1WYWxpZGF0ZVNldCAibWFjaGluZSIsInVzZXIiCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcnNlZF9hcmdzICJfYW5zaWJsZV9jaGVja19tb2RlIiAtRGVmYXVsdCAkZmFsc2UKCklmICgkZWxlbWVudHMgLWlzIFtzdHJpbmddKSB7CiAgICAkZWxlbWVudHMgPSBAKCRlbGVtZW50cykKfQoKSWYgKCRlbGVtZW50cyAtaXNub3QgW0FycmF5XSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgImVsZW1lbnRzIG11c3QgYmUgYSBzdHJpbmcgb3IgbGlzdCBvZiBwYXRoIHN0cmluZ3MiCn0KCltTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0XSAkcGF0aCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpHZXRFbnZpcm9ubWVudFZhcmlhYmxlKCJQQVRIIiwgJHNjb3BlKS5TcGxpdCgnOycpCiRyZXN1bHQucGF0aF92YWx1ZSA9ICRwYXRoIC1qb2luICI7IgoKCmZvcmVhY2ggKCRlbGVtZW50IGluICRlbGVtZW50cykgewogICAgaWYgKCRzdGF0ZSAtZXEgInByZXNlbnQiKSB7CiAgICAgICAgaWYgKCRwYXRoIC1ub3Rjb250YWlucyAkZWxlbWVudCl7CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICAgICAgICAgICRwYXRoLkFkZCgkZWxlbWVudCkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgIGlmICgkcGF0aCAtY29udGFpbnMgJGVsZW1lbnQpIHsKICAgICAgICAgICAgJHBhdGguUmVtb3ZlKCRlbGVtZW50KQogICAgICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgICAgIH0KICAgIH0KfQoKSWYgKCRyZXN1bHQuY2hhbmdlZCAtYW5kIC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICRyZXN1bHQucGF0aF92YWx1ZSA9ICRwYXRoIC1qb2luICI7IgogICAgW0Vudmlyb25tZW50XTo6U2V0RW52aXJvbm1lbnRWYXJpYWJsZSgiUGF0aCIsICgkcGF0aCAtam9pbiAiOyIpLCBbU3lzdGVtLkVudmlyb25tZW50VmFyaWFibGVUYXJnZXRdOjokc2NvcGUgKQp9CgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "elements": ["c:\\openstack\\bin"], "_ansible_no_log": false, "_ansible_module_name": "cb_path", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "present", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f61fa145-04f5-4f28-bfc1-5a487ae4a219 Path:	4104	1		3	2	15	0	1768	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	600	524	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:38 PM	839e3e65-ff4b-0005-3c4a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5Ga ScriptBlock ID: f61fa145-04f5-4f28-bfc1-5a487ae4a219 Path:	4104	1		3	2	15	0	1767	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	600	524	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:38 PM	839e3e65-ff4b-0005-3c4a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1766	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	600	4204	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:37 PM	839e3e65-ff4b-0001-594c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 600 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1765	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	600	808	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:37 PM	839e3e65-ff4b-0001-594c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1764	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	600	4204	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:37 PM	839e3e65-ff4b-0001-594c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = af1a51a0-3075-458c-aa81-c9307588b9b5 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = eff8734a-892c-44dd-943c-661f1bf64dde Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1763	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	740	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:37 PM	839e3e65-ff4b-0001-364c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # WANT_JSON #Requires -Module Ansible.ModuleUtils.Legacy $params = Parse-Args $args; $result = @{ cb_unzip = @{} changed = $false } $creates = Get-AnsibleParam -obj $params -name "creates" -type "path" If ($creates -ne $null) { If (Test-Path $creates) { $result.msg = "The 'creates' file or directory ($creates) already exists." Exit-Json $result } } $overwrite = Get-AnsibleParam -obj $params -name "overwrite" -type "bool" -default "false" -ValidateSet "true","false" $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty $true If (-Not (Test-Path -path $src)){ Fail-Json $result "src file: $src does not exist." } $ext = [System.IO.Path]::GetExtension($src) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true If (-Not (Test-Path $dest -PathType Container)){ Try{ New-Item -itemtype directory -path $dest } Catch { $err_msg = $_.Exception.Message Fail-Json $result "Error creating $dest directory! Msg: $err_msg" } } $rm = ConvertTo-Bool (Get-AnsibleParam -obj $params -name "rm" -default "false") If ($ext -eq ".zip") { Try { Add-Type -AssemblyName System.IO.Compression.FileSystem $archive = [System.IO.Compression.ZipFile]::OpenRead($src) foreach ($entry in $archive.Entries) { $entryTargetFilePath = [System.IO.Path]::Combine($dest, $entry.FullName) $entryDir = [System.IO.Path]::GetDirectoryName($entryTargetFilePath) #Ensure the directory of the archive entry exists if(!(Test-Path $entryDir )){ New-Item -ItemType Directory -Path $entryDir | Out-Null } #If the entry is not a directory entry, then extract entry if(!$entryTargetFilePath.EndsWith("\")){ if(Test-Path -path $entryTargetFilePath){ if ($overwrite){ [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entryTargetFilePath, $true); $result.changed = $true } } Else { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entryTargetFilePath, $false); $result.changed = $true } } } } Catch { $err_msg = $_.Exception.Message Fail-Json $result "Error unzipping $src to $dest! Msg: $err_msg" } } # Requires PSCX Else { # Check if PSCX is installed $list = Get-Module -ListAvailable If (-Not ($list -match "PSCX")) { Fail-Json $result "PowerShellCommunityExtensions PowerShell Module (PSCX) is required for non-'.zip' compressed archive types." } Else { $result.cb_unzip.pscx_status = "present" } # Import Try { Import-Module PSCX } Catch { Fail-Json $result "Error importing module PSCX" } Try { Expand-Archive -Path $src -OutputPath $dest -Force $result.changed = $true } Catch { $err_msg = $_.Exception.Message Fail-Json $result "Error expanding $src to $dest! Msg: $err_msg" } } If ($rm -eq $true){ Remove-Item $src -Recurse -Force $result.cb_unzip.rm = "true" } # Fixes a fail error message (when the task actually succeeds) for a "Convert-ToJson: The converted JSON string is in bad format" # This happens when JSON is parsing a string that ends with a "\", which is possible when specifying a directory to download to. # This catches that possible error, before assigning the JSON $result If ($src[$src.length-1] -eq "\") { $src = $src.Substring(0, $src.length-1) } If ($dest[$dest.length-1] -eq "\") { $dest = $dest.Substring(0, $dest.length-1) } $result.cb_unzip.src = $src.toString() $result.cb_unzip.dest = $dest.toString() Exit-Json $result ScriptBlock ID: 6af6c751-c296-4520-b236-8845196719b6 Path:	4104	1		3	2	15	0	1762	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	740	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:36 PM	839e3e65-ff4b-0001-244c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1f12d627-7f92-4905-8ae7-32a9a5016e66 Path:	4104	1		3	2	15	0	1761	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	4652	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:36 PM	839e3e65-ff4b-0001-174c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a4ad6185-f33d-4bdc-83bc-34f068d962ff Path:	4104	1		3	2	15	0	1760	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	4652	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:36 PM	839e3e65-ff4b-0001-084c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): WNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIFdBTlRfSlNPTgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzOwoKJHJlc3VsdCA9IEB7CiAgICBjYl91bnppcCA9IEB7fQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokY3JlYXRlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJjcmVhdGVzIiAtdHlwZSAicGF0aCIKSWYgKCRjcmVhdGVzIC1uZSAkbnVsbCkgewogICAgSWYgKFRlc3QtUGF0aCAkY3JlYXRlcykgewogICAgICAgICRyZXN1bHQubXNnID0gIlRoZSAnY3JlYXRlcycgZmlsZSBvciBkaXJlY3RvcnkgKCRjcmVhdGVzKSBhbHJlYWR5IGV4aXN0cy4iCiAgICAgICAgRXhpdC1Kc29uICRyZXN1bHQKICAgIH0KfQoKJG92ZXJ3cml0ZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJvdmVyd3JpdGUiIC10eXBlICJib29sIiAtZGVmYXVsdCAiZmFsc2UiIC1WYWxpZGF0ZVNldCAidHJ1ZSIsImZhbHNlIgoKJHNyYyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJzcmMiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUKSWYgKC1Ob3QgKFRlc3QtUGF0aCAtcGF0aCAkc3JjKSl7CiAgICBGYWlsLUpzb24gJHJlc3VsdCAic3JjIGZpbGU6ICRzcmMgZG9lcyBub3QgZXhpc3QuIgp9CgokZXh0ID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RXh0ZW5zaW9uKCRzcmMpCgoKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQpJZiAoLU5vdCAoVGVzdC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKXsKICAgIFRyeXsKICAgICAgICBOZXctSXRlbSAtaXRlbXR5cGUgZGlyZWN0b3J5IC1wYXRoICRkZXN0CiAgICB9CiAgICBDYXRjaCB7CiAgICAgICAgJGVycl9tc2cgPSAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJFcnJvciBjcmVhdGluZyAkZGVzdCBkaXJlY3RvcnkhIE1zZzogJGVycl9tc2ciCiAgICB9Cn0KCiRybSA9IENvbnZlcnRUby1Cb29sIChHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicm0iIC1kZWZhdWx0ICJmYWxzZSIpCgpJZiAoJGV4dCAtZXEgIi56aXAiKSB7CiAgICBUcnkgewogICAgICAgIEFkZC1UeXBlIC1Bc3NlbWJseU5hbWUgU3lzdGVtLklPLkNvbXByZXNzaW9uLkZpbGVTeXN0ZW0KICAgICAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW5SZWFkKCRzcmMpCiAgICAgICAgZm9yZWFjaCAoJGVudHJ5IGluICRhcmNoaXZlLkVudHJpZXMpCiAgICAgICAgewogICAgICAgICAgICAkZW50cnlUYXJnZXRGaWxlUGF0aCA9IFtTeXN0ZW0uSU8uUGF0aF06OkNvbWJpbmUoJGRlc3QsICRlbnRyeS5GdWxsTmFtZSkKICAgICAgICAgICAgJGVudHJ5RGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZW50cnlUYXJnZXRGaWxlUGF0aCkKICAgICAgICAKICAgICAgICAgICAgI0Vuc3VyZSB0aGUgZGlyZWN0b3J5IG9mIHRoZSBhcmNoaXZlIGVudHJ5IGV4aXN0cwogICAgICAgICAgICBpZighKFRlc3QtUGF0aCAkZW50cnlEaXIgKSl7CiAgICAgICAgICAgICAgICBOZXctSXRlbSAtSXRlbVR5cGUgRGlyZWN0b3J5IC1QYXRoICRlbnRyeURpciB8IE91dC1OdWxsIAogICAgICAgICAgICB9CiAgICAgICAgICAgIAogICAgICAgICAgICAjSWYgdGhlIGVudHJ5IGlzIG5vdCBhIGRpcmVjdG9yeSBlbnRyeSwgdGhlbiBleHRyYWN0IGVudHJ5CiAgICAgICAgICAgIGlmKCEkZW50cnlUYXJnZXRGaWxlUGF0aC5FbmRzV2l0aCgiXCIpKXsKICAgICAgICAgICAgICAgIGlmKFRlc3QtUGF0aCAtcGF0aCAkZW50cnlUYXJnZXRGaWxlUGF0aCl7CiAgICAgICAgICAgICAgICAgICAgaWYgKCRvdmVyd3JpdGUpewogICAgICAgICAgICAgICAgICAgICAgICBbU3lzdGVtLklPLkNvbXByZXNzaW9uLlppcEZpbGVFeHRlbnNpb25zXTo6RXh0cmFjdFRvRmlsZSgkZW50cnksICRlbnRyeVRhcmdldEZpbGVQYXRoLCAkdHJ1ZSk7CiAgICAgICAgICAgICAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICAgICAgICAgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBGaWxlRXh0ZW5zaW9uc106OkV4dHJhY3RUb0ZpbGUoJGVudHJ5LCAkZW50cnlUYXJnZXRGaWxlUGF0aCwgJGZhbHNlKTsKICAgICAgICAgICAgICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICRlcnJfbXNnID0gJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiRXJyb3IgdW56aXBwaW5nICRzcmMgdG8gJGRlc3QhIE1zZzogJGVycl9tc2ciCiAgICB9Cn0KIyBSZXF1aXJlcyBQU0NYCkVsc2UgewogICAgIyBDaGVjayBpZiBQU0NYIGlzIGluc3RhbGxlZAogICAgJGxpc3QgPSBHZXQtTW9kdWxlIC1MaXN0QXZhaWxhYmxlCgogICAgSWYgKC1Ob3QgKCRsaXN0IC1tYXRjaCAiUFNDWCIpKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIlBvd2VyU2hlbGxDb21tdW5pdHlFeHRlbnNpb25zIFBvd2VyU2hlbGwgTW9kdWxlIChQU0NYKSBpcyByZXF1aXJlZCBmb3Igbm9uLScuemlwJyBjb21wcmVzc2VkIGFyY2hpdmUgdHlwZXMuIgogICAgfQogICAgRWxzZSB7CiAgICAgICAgJHJlc3VsdC5jYl91bnppcC5wc2N4X3N0YXR1cyA9ICJwcmVzZW50IgogICAgfQoKICAgICMgSW1wb3J0CiAgICBUcnkgewogICAgICAgIEltcG9ydC1Nb2R1bGUgUFNDWAogICAgfQogICAgQ2F0Y2ggewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJFcnJvciBpbXBvcnRpbmcgbW9kdWxlIFBTQ1giCiAgICB9CgogICAgVHJ5IHsKICAgICAgICBFeHBhbmQtQXJjaGl2ZSAtUGF0aCAkc3JjIC1PdXRwdXRQYXRoICRkZXN0IC1Gb3JjZSAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICRlcnJfbXNnID0gJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiRXJyb3IgZXhwYW5kaW5nICRzcmMgdG8gJGRlc3QhIE1zZzogJGVycl9tc2ciCiAgICB9Cn0KCklmICgkcm0gLWVxICR0cnVlKXsKICAgIFJlbW92ZS1JdGVtICRzcmMgLVJlY3Vyc2UgLUZvcmNlCiAgICAkcmVzdWx0LmNiX3VuemlwLnJtID0gInRydWUiCn0KCiMgRml4ZXMgYSBmYWlsIGVycm9yIG1lc3NhZ2UgKHdoZW4gdGhlIHRhc2sgYWN0dWFsbHkgc3VjY2VlZHMpIGZvciBhICJDb252ZXJ0LVRvSnNvbjogVGhlIGNvbnZlcnRlZCBKU09OIHN0cmluZyBpcyBpbiBiYWQgZm9ybWF0IgojIFRoaXMgaGFwcGVucyB3aGVuIEpTT04gaXMgcGFyc2luZyBhIHN0cmluZyB0aGF0IGVuZHMgd2l0aCBhICJcIiwgd2hpY2ggaXMgcG9zc2libGUgd2hlbiBzcGVjaWZ5aW5nIGEgZGlyZWN0b3J5IHRvIGRvd25sb2FkIHRvLgojIFRoaXMgY2F0Y2hlcyB0aGF0IHBvc3NpYmxlIGVycm9yLCBiZWZvcmUgYXNzaWduaW5nIHRoZSBKU09OICRyZXN1bHQKSWYgKCRzcmNbJHNyYy5sZW5ndGgtMV0gLWVxICJcIikgewogICAgJHNyYyA9ICRzcmMuU3Vic3RyaW5nKDAsICRzcmMubGVuZ3RoLTEpCn0KSWYgKCRkZXN0WyRkZXN0Lmxlbmd0aC0xXSAtZXEgIlwiKSB7CiAgICAkZGVzdCA9ICRkZXN0LlN1YnN0cmluZygwLCAkZGVzdC5sZW5ndGgtMSkKfQokcmVzdWx0LmNiX3VuemlwLnNyYyA9ICRzcmMudG9TdHJpbmcoKQokcmVzdWx0LmNiX3VuemlwLmRlc3QgPSAkZGVzdC50b1N0cmluZygpCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "c:\\openstack\\tmp\\utils.zip", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "c:\\openstack\\bin", "_ansible_module_name": "cb_unzip", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: caea2614-8372-407c-8bb1-0f5aa56252e3 Path:	4104	1		3	2	15	0	1759	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	4652	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:36 PM	839e3e65-ff4b-0001-024c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2a ScriptBlock ID: caea2614-8372-407c-8bb1-0f5aa56252e3 Path:	4104	1		3	2	15	0	1758	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	4652	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:36 PM	839e3e65-ff4b-0001-024c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1757	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	5016	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:36 PM	839e3e65-ff4b-0002-76d0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1356 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1756	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	4776	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:36 PM	839e3e65-ff4b-0002-76d0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1755	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1356	5016	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:36 PM	839e3e65-ff4b-0002-76d0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 9b5ea1df-cd42-44fd-8ad7-b99a15130f9a Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 8951f860-92b8-4321-a291-fb467c9a48ed Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1754	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:35 PM	839e3e65-ff4b-0003-4b5e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 9b5ea1df-cd42-44fd-8ad7-b99a15130f9a Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 8951f860-92b8-4321-a291-fb467c9a48ed Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1753	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	5032	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:34 PM	839e3e65-ff4b-0002-6bd0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 26faa837-9d47-48b3-b964-750c72142930 Path:	4104	1		3	2	15	0	1752	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:34 PM	839e3e65-ff4b-0000-3d4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): letBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 94c674b7-0900-4312-9fc0-f32218f82fb6 Path:	4104	1		3	2	15	0	1751	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0000-394d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [Cmd ScriptBlock ID: 94c674b7-0900-4312-9fc0-f32218f82fb6 Path:	4104	1		3	2	15	0	1750	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0000-394d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 7076725c-a22e-42dc-91bf-0fc01a568c15 Path:	4104	1		3	2	15	0	1749	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0005-144a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 887b9c7d-643d-4924-ab3a-36a9a7e3fb41 Path:	4104	1		3	2	15	0	1748	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0000-354d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): 4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\tmp\\utils.zip", "_ansible_tmpdir": null, "_ansible_check_mode": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: a9a1bbb0-fa26-4ce5-bed7-85512e20751f Path:	4104	1		3	2	15	0	1747	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0005-074a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): Rob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV ScriptBlock ID: a9a1bbb0-fa26-4ce5-bed7-85512e20751f Path:	4104	1		3	2	15	0	1746	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0005-074a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): 0cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweX ScriptBlock ID: a9a1bbb0-fa26-4ce5-bed7-85512e20751f Path:	4104	1		3	2	15	0	1745	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0005-074a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db25 ScriptBlock ID: a9a1bbb0-fa26-4ce5-bed7-85512e20751f Path:	4104	1		3	2	15	0	1744	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0005-074a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3 ScriptBlock ID: a9a1bbb0-fa26-4ce5-bed7-85512e20751f Path:	4104	1		3	2	15	0	1743	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4820	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0005-074a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1742	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4256	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0001-f84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4220 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1741	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	3640	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0001-f84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1740	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4256	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:33 PM	839e3e65-ff4b-0001-f84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1739	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2236	1580	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:31 PM	839e3e65-ff4b-0001-f34b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2236 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1738	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2236	3256	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:31 PM	839e3e65-ff4b-0001-f34b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1737	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2236	1580	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:31 PM	839e3e65-ff4b-0001-f34b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1736	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2260	4576	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:31 PM	839e3e65-ff4b-0001-f24b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2260 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1735	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2260	4952	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:31 PM	839e3e65-ff4b-0001-f24b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1734	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2260	4576	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:31 PM	839e3e65-ff4b-0001-f24b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 38108ff4-3d4b-4ac2-9cdb-7e633d0c09f9 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = c2dc1d53-c274-4c73-b3ab-d3faf26fcd0a Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1733	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2664	4116	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:31 PM	839e3e65-ff4b-0001-ef4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 9af7962b-6885-492c-ab1b-9824a3c50396 Path:	4104	1		3	2	15	0	1732	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2664	4116	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:31 PM	839e3e65-ff4b-0001-e04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 59de5d92-670d-498a-b2a4-f0bbd27de40e Path:	4104	1		3	2	15	0	1731	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2664	4372	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:30 PM	839e3e65-ff4b-0000-1c4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 7963e26c-134b-409b-b1e7-a84bce8a575c Path:	4104	1		3	2	15	0	1730	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2664	4372	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:30 PM	839e3e65-ff4b-0005-ee49-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): VkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "dest": "c:\\openstack\\etc\\policy.json", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "policy.json", "follow": false, "_ansible_check_mode": false, "_ansible_no_log": false, "_ansible_module_name": "file", "recurse": false, "_ansible_verbosity": 3, "state": "file", "_ansible_diff": false, "mode": null, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641068967.34-264815861476815'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 8b044de3-007a-46ce-83d7-ea9288e44f28 Path:	4104	1		3	2	15	0	1729	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2664	4372	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:30 PM	839e3e65-ff4b-0005-e849-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcm ScriptBlock ID: 8b044de3-007a-46ce-83d7-ea9288e44f28 Path:	4104	1		3	2	15	0	1728	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2664	4372	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:30 PM	839e3e65-ff4b-0005-e849-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1727	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2664	3900	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:30 PM	839e3e65-ff4b-0001-dd4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2664 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1726	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2664	3136	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:30 PM	839e3e65-ff4b-0001-dd4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1725	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2664	3900	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:30 PM	839e3e65-ff4b-0001-dd4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 3403218f-412d-4ce0-832a-010abcfb28bd Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = de2222c1-5f94-4e7f-acf2-242ebe2f0594 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1724	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	1500	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:30 PM	839e3e65-ff4b-0003-295e-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 3403218f-412d-4ce0-832a-010abcfb28bd Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = de2222c1-5f94-4e7f-acf2-242ebe2f0594 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1723	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	1500	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:29 PM	839e3e65-ff4b-0004-8050-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 30df9021-b7d2-4805-936b-ac041086e844 Path:	4104	1		3	2	15	0	1722	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:29 PM	839e3e65-ff4b-0001-ca4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ing(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 7f3edbb7-ddb4-4c8b-815c-34dba6c644ea Path:	4104	1		3	2	15	0	1721	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0000-0c4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToStr ScriptBlock ID: 7f3edbb7-ddb4-4c8b-815c-34dba6c644ea Path:	4104	1		3	2	15	0	1720	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0000-0c4d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 615a3c7e-fdd3-4053-a3c6-8678add563e6 Path:	4104	1		3	2	15	0	1719	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0005-ce49-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 64c40aed-ac73-40e8-a2a5-d964bc58dd56 Path:	4104	1		3	2	15	0	1718	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0005-bf49-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): Bmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "c:\\openstack\\etc\\policy.json", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641068967.34-264815861476815'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9bfdf34f-94b0-4a88-8ce4-874859b8330f Path:	4104	1		3	2	15	0	1717	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0000-074d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): gICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgIC ScriptBlock ID: 9bfdf34f-94b0-4a88-8ce4-874859b8330f Path:	4104	1		3	2	15	0	1716	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0000-074d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): CAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICA ScriptBlock ID: 9bfdf34f-94b0-4a88-8ce4-874859b8330f Path:	4104	1		3	2	15	0	1715	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0000-074d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): WxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgI ScriptBlock ID: 9bfdf34f-94b0-4a88-8ce4-874859b8330f Path:	4104	1		3	2	15	0	1714	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0000-074d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): mlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52Y ScriptBlock ID: 9bfdf34f-94b0-4a88-8ce4-874859b8330f Path:	4104	1		3	2	15	0	1713	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0000-074d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpd ScriptBlock ID: 9bfdf34f-94b0-4a88-8ce4-874859b8330f Path:	4104	1		3	2	15	0	1712	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0000-074d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1711	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2744	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0001-c54b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 968 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1710	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	4944	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0001-c54b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1709	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	968	2744	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:28 PM	839e3e65-ff4b-0001-c54b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1708	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4832	676	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:27 PM	839e3e65-ff4b-0001-c34b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4832 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1707	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4832	4512	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:27 PM	839e3e65-ff4b-0001-c34b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1706	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4832	676	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:27 PM	839e3e65-ff4b-0001-c34b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1705	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4904	932	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:27 PM	839e3e65-ff4b-0002-0fd0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4904 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1704	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4904	1888	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:27 PM	839e3e65-ff4b-0002-0fd0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1703	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4904	932	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:27 PM	839e3e65-ff4b-0002-0fd0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1702	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2712	4416	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:25 PM	839e3e65-ff4b-0001-bf4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2712 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1701	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2712	4364	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:25 PM	839e3e65-ff4b-0001-bf4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1700	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2712	4416	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:25 PM	839e3e65-ff4b-0001-bf4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1699	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	2524	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:25 PM	839e3e65-ff4b-0002-06d0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5112 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1698	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	3752	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:25 PM	839e3e65-ff4b-0002-06d0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1697	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	2524	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:25 PM	839e3e65-ff4b-0002-06d0-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = c6336321-cece-40e9-b1ad-a2ff03677bf3 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 04497a5a-b26f-484a-8291-9dd95d18b77b Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1696	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	3184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:25 PM	839e3e65-ff4b-0004-6150-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 48f06e2a-9817-4d67-94de-3b48493d0ade Path:	4104	1		3	2	15	0	1695	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	3184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:24 PM	839e3e65-ff4b-0004-5250-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 05a52ab1-7086-4fcb-8d7a-280cf69440fb Path:	4104	1		3	2	15	0	1694	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	5052	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:24 PM	839e3e65-ff4b-0004-4550-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 7f6b31aa-7ec5-4801-8770-3d2e2cebdf12 Path:	4104	1		3	2	15	0	1693	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	5052	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:24 PM	839e3e65-ff4b-0004-3650-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): oICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "dest": "c:\\openstack\\etc\\neutron-hyperv-agent.conf", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "neutron-hyperv-agent.conf", "follow": false, "_ansible_check_mode": false, "_ansible_no_log": false, "_ansible_module_name": "file", "recurse": false, "_ansible_verbosity": 3, "state": "file", "_ansible_diff": false, "mode": null, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641068961.15-185780171182777'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 565bd67a-2857-42f6-9a84-9dfb4dea7fb2 Path:	4104	1		3	2	15	0	1692	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	5052	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:24 PM	839e3e65-ff4b-0004-3050-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXR ScriptBlock ID: 565bd67a-2857-42f6-9a84-9dfb4dea7fb2 Path:	4104	1		3	2	15	0	1691	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	5052	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:24 PM	839e3e65-ff4b-0004-3050-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBp ScriptBlock ID: 565bd67a-2857-42f6-9a84-9dfb4dea7fb2 Path:	4104	1		3	2	15	0	1690	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	5052	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:24 PM	839e3e65-ff4b-0004-3050-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1689	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	2448	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:24 PM	839e3e65-ff4b-0001-bc4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4464 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1688	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	2480	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:23 PM	839e3e65-ff4b-0001-bc4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1687	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4464	2448	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:23 PM	839e3e65-ff4b-0001-bc4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = b629ba03-2016-459b-ba59-20f773634034 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 84f29e6e-9325-4f9c-8b2a-e9991d7bf314 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1686	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4404	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:23 PM	839e3e65-ff4b-0001-bb4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = b629ba03-2016-459b-ba59-20f773634034 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 84f29e6e-9325-4f9c-8b2a-e9991d7bf314 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1685	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4404	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:23 PM	839e3e65-ff4b-0001-b94b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: da9168ab-6758-4928-a2e7-345ea418828b Path:	4104	1		3	2	15	0	1684	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-0e50-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): e.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 395b0bc3-48a4-48ba-a3de-9e229d57afb4 Path:	4104	1		3	2	15	0	1683	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-0a50-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansibl ScriptBlock ID: 395b0bc3-48a4-48ba-a3de-9e229d57afb4 Path:	4104	1		3	2	15	0	1682	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-0a50-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 16175eed-50e7-4380-aa01-ad59b4fd29fc Path:	4104	1		3	2	15	0	1681	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-0650-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f60f054f-a7f1-45c2-a806-e316890607c9 Path:	4104	1		3	2	15	0	1680	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-f74f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): wcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "c:\\openstack\\etc\\neutron-hyperv-agent.conf", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641068961.15-185780171182777'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: a46391b7-e35d-402c-b2a2-625303dafa39 Path:	4104	1		3	2	15	0	1679	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-f14f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): kbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3V ScriptBlock ID: a46391b7-e35d-402c-b2a2-625303dafa39 Path:	4104	1		3	2	15	0	1678	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-f14f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): HByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCg ScriptBlock ID: a46391b7-e35d-402c-b2a2-625303dafa39 Path:	4104	1		3	2	15	0	1677	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-f14f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): gaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgI ScriptBlock ID: a46391b7-e35d-402c-b2a2-625303dafa39 Path:	4104	1		3	2	15	0	1676	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-f14f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQ ScriptBlock ID: a46391b7-e35d-402c-b2a2-625303dafa39 Path:	4104	1		3	2	15	0	1675	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4488	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0004-f14f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1674	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	3268	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:22 PM	839e3e65-ff4b-0001-954b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4212 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1673	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4852	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:21 PM	839e3e65-ff4b-0001-954b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1672	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	3268	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:21 PM	839e3e65-ff4b-0001-954b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1671	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4560	4892	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:21 PM	839e3e65-ff4b-0002-e3cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4560 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1670	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4560	1736	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:21 PM	839e3e65-ff4b-0002-e3cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1669	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4560	4892	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:21 PM	839e3e65-ff4b-0002-e3cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1668	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1348	4108	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:21 PM	839e3e65-ff4b-0002-e2cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1348 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1667	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1348	5060	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:21 PM	839e3e65-ff4b-0002-e2cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1666	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1348	4108	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:21 PM	839e3e65-ff4b-0002-e2cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1665	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4352	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:20 PM	839e3e65-ff4b-0001-8f4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4352 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1664	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4352	4916	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:20 PM	839e3e65-ff4b-0001-8f4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1663	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4352	1848	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:20 PM	839e3e65-ff4b-0001-8f4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1662	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4132	2492	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:20 PM	839e3e65-ff4b-0001-8e4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4132 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1661	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4132	4156	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:20 PM	839e3e65-ff4b-0001-8e4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1660	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4132	2492	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:20 PM	839e3e65-ff4b-0001-8e4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7b4a0014-e197-4b5c-a0d2-26145eb06b98 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 13594349-801f-47fa-ac99-2e93c93dfaa9 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1659	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5088	1072	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:20 PM	839e3e65-ff4b-0004-df4f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 59796bc3-3962-4005-ab68-3e6023bb649c Path:	4104	1		3	2	15	0	1658	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5088	1072	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:20 PM	839e3e65-ff4b-0004-d04f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ba571c27-c852-4045-9e61-33c679908ede Path:	4104	1		3	2	15	0	1657	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5088	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:20 PM	839e3e65-ff4b-0000-d94c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a3839528-133b-4db4-b98d-2203b35c310e Path:	4104	1		3	2	15	0	1656	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5088	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:19 PM	839e3e65-ff4b-0000-ca4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): 29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "dest": "c:\\openstack\\etc\\nova.conf", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "nova.conf", "follow": false, "_ansible_check_mode": false, "_ansible_no_log": false, "_ansible_module_name": "file", "recurse": false, "_ansible_verbosity": 3, "state": "file", "_ansible_diff": false, "mode": null, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641068956.51-44783616097615'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c85663ce-f7b1-443a-a6e8-337c1cfe471f Path:	4104	1		3	2	15	0	1655	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5088	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:19 PM	839e3e65-ff4b-0000-c44c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ ScriptBlock ID: c85663ce-f7b1-443a-a6e8-337c1cfe471f Path:	4104	1		3	2	15	0	1654	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5088	2008	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:19 PM	839e3e65-ff4b-0000-c44c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1653	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5088	4260	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:19 PM	839e3e65-ff4b-0001-754b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5088 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1652	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5088	4720	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:19 PM	839e3e65-ff4b-0001-754b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1651	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5088	4260	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:19 PM	839e3e65-ff4b-0001-754b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = fe4f7d93-d7c0-44a1-a766-1df44b8c5361 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 3c9be7ed-c7fd-49f8-aa85-5cd41fa22178 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1650	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3660	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:19 PM	839e3e65-ff4b-0004-cb4f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = fe4f7d93-d7c0-44a1-a766-1df44b8c5361 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 3c9be7ed-c7fd-49f8-aa85-5cd41fa22178 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1649	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3660	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:18 PM	839e3e65-ff4b-0003-de5d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 2bf8f1e6-f1d3-4ae8-8bee-db76833f6a66 Path:	4104	1		3	2	15	0	1648	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:18 PM	839e3e65-ff4b-0001-634b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): Member -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 0517ce1c-44f3-4b05-a303-9da1805e02cd Path:	4104	1		3	2	15	0	1647	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:18 PM	839e3e65-ff4b-0001-5f4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-Module ScriptBlock ID: 0517ce1c-44f3-4b05-a303-9da1805e02cd Path:	4104	1		3	2	15	0	1646	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:18 PM	839e3e65-ff4b-0001-5f4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) ScriptBlock ID: 0517ce1c-44f3-4b05-a303-9da1805e02cd Path:	4104	1		3	2	15	0	1645	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:18 PM	839e3e65-ff4b-0001-5f4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e6efb175-84b9-4328-9850-fde519380eeb Path:	4104	1		3	2	15	0	1644	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:18 PM	839e3e65-ff4b-0000-a44c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 4c747a80-7d3b-483c-be67-a1ae319631b5 Path:	4104	1		3	2	15	0	1643	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-5b4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 8): faW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "c:\\openstack\\etc\\nova.conf", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1641068956.51-44783616097615'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 366938c9-86b7-482e-8d9c-7b5ad96c9313 Path:	4104	1		3	2	15	0	1642	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-574b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 8): ml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmt ScriptBlock ID: 366938c9-86b7-482e-8d9c-7b5ad96c9313 Path:	4104	1		3	2	15	0	1641	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-574b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 8): B8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvc ScriptBlock ID: 366938c9-86b7-482e-8d9c-7b5ad96c9313 Path:	4104	1		3	2	15	0	1640	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-574b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 8): CAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iai ScriptBlock ID: 366938c9-86b7-482e-8d9c-7b5ad96c9313 Path:	4104	1		3	2	15	0	1639	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-574b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 8): RfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgI ScriptBlock ID: 366938c9-86b7-482e-8d9c-7b5ad96c9313 Path:	4104	1		3	2	15	0	1638	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-574b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 8): sLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRV ScriptBlock ID: 366938c9-86b7-482e-8d9c-7b5ad96c9313 Path:	4104	1		3	2	15	0	1637	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-574b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 8): ICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGF ScriptBlock ID: 366938c9-86b7-482e-8d9c-7b5ad96c9313 Path:	4104	1		3	2	15	0	1636	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-574b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 8): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAg ScriptBlock ID: 366938c9-86b7-482e-8d9c-7b5ad96c9313 Path:	4104	1		3	2	15	0	1635	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-574b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1634	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4512	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-554b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2556 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1633	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4920	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-554b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1632	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4512	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:17 PM	839e3e65-ff4b-0001-554b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1631	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5068	4948	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:16 PM	839e3e65-ff4b-0001-534b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5068 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1630	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5068	2464	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:16 PM	839e3e65-ff4b-0001-534b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1629	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5068	4948	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:16 PM	839e3e65-ff4b-0001-534b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1628	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5096	4620	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:16 PM	839e3e65-ff4b-0001-524b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5096 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1627	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5096	1924	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:16 PM	839e3e65-ff4b-0001-524b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1626	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5096	4620	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:16 PM	839e3e65-ff4b-0001-524b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 9931fb76-b694-4f98-bd1b-874be010afa3 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = aa9dc4aa-fc07-4b69-a9dc-9426d1b5d5fe Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1625	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	3636	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:14 PM	839e3e65-ff4b-0004-b54f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 9931fb76-b694-4f98-bd1b-874be010afa3 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = aa9dc4aa-fc07-4b69-a9dc-9426d1b5d5fe Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = NCH2-MASTER-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1624	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	3636	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:14 PM	839e3e65-ff4b-0004-b34f-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 210bf09f-b59b-4b42-b33c-ca330e079ce2 Path:	4104	1		3	2	15	0	1623	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-324b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: d85254c6-7c62-4d09-b58c-f6fd71018579 Path:	4104	1		3	2	15	0	1622	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-2e4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPr ScriptBlock ID: d85254c6-7c62-4d09-b58c-f6fd71018579 Path:	4104	1		3	2	15	0	1621	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-2e4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 6cef6588-14c3-4480-8cae-6105df882331 Path:	4104	1		3	2	15	0	1620	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-2a4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 060ee2ab-1b87-492c-963f-4ea1e333645b Path:	4104	1		3	2	15	0	1619	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-1b4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): RoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\etc\\dataplane_informations.yaml", "_ansible_tmpdir": null, "_ansible_check_mode": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: dafc1ec8-0bfc-4a3e-88b7-e67a2f356a6c Path:	4104	1		3	2	15	0	1618	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-154b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): tbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIH ScriptBlock ID: dafc1ec8-0bfc-4a3e-88b7-e67a2f356a6c Path:	4104	1		3	2	15	0	1617	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-154b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): JzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICg ScriptBlock ID: dafc1ec8-0bfc-4a3e-88b7-e67a2f356a6c Path:	4104	1		3	2	15	0	1616	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-154b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): kc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdW ScriptBlock ID: dafc1ec8-0bfc-4a3e-88b7-e67a2f356a6c Path:	4104	1		3	2	15	0	1615	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-154b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): IGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiA ScriptBlock ID: dafc1ec8-0bfc-4a3e-88b7-e67a2f356a6c Path:	4104	1		3	2	15	0	1614	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-154b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0p ScriptBlock ID: dafc1ec8-0bfc-4a3e-88b7-e67a2f356a6c Path:	4104	1		3	2	15	0	1613	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4452	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0001-154b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1612	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4760	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0002-c3cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1032 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1611	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	3184	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0002-c3cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1610	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4760	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:13 PM	839e3e65-ff4b-0002-c3cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 5cfcc331-5b32-4d48-bdc1-eed4a4921185 Path:	4104	1		3	2	15	0	1609	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4852	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:10 PM	839e3e65-ff4b-0001-d94a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 3eb8fce6-07fe-4618-a558-fc97993ebf55 Path:	4104	1		3	2	15	0	1608	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4852	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:09 PM	839e3e65-ff4b-0002-b7cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgJHJlc3VsdC5sb2cgKz0gIkZvdW5kIHZtc3dpdGNoICIgKyAkaS5uYW1lICsgIiwgY2hlY2tpbmcgTWFuYWdlbWVudE9TIgogICAgICAgICAgICAgICAgaWYgKCAkaS5hbGxvd21hbmFnZW1lbnRvcyAtZXEgJG1hbmFnZW1lbnQgKSB7CiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5sb2cgKz0gIk1hbmFnZW1lbnRPUyBtYXRjaGVzIgogICAgICAgICAgICAgICAgfQoJCQkJPCMgIGVsc2UgewogICAgICAgICAgICAgICAgICAgICRyZXN1bHQubG9nICs9ICJNYW5hZ2VtZW50T1MgZG9lcyBub3QgbWF0Y2gsIHVwZGF0aW5nIGZyb20gIiArICRpLmFsbG93bWFuYWdlbWVudG9zICsgIiB0byAiICsgJG1hbmFnZW1lbnQKICAgICAgICAgICAgICAgICAgICBTZXQtVk1Td2l0Y2ggLU5hbWUgJG5hbWUgLUFsbG93TWFuYWdlbWVudE9TICRtYW5hZ2VtZW50CiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgICAgICAgICAgICAgIH0gIz4KCiAgICAgICAgICAgICAgICBpZiAoICRtYW5hZ2VtZW50ICkgewogICAgICAgICAgICAgICAgICAgICRyZXN1bHQubG9nICs9ICJNYW5hZ2VtZW50T1MgaXMgdHJ1ZSwgY2hlY2tpbmcgaXAiCiAgICAgICAgICAgICAgICAgICAgJHN3X25hbWUgPSAidkV0aGVybmV0ICgiICsgJGkubmFtZSArICIpIgogICAgICAgICAgICAgICAgICAgICRzd19pcCA9IEdldC1OZXRJUEFkZHJlc3MgLWFkZHJlc3NmYW1pbHkgaXB2NCAtaW50ZXJmYWNlYWxpYXMgJHN3X25hbWUgLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKICAgICAgICAgICAgICAgICAgICBpZiAoJHN3X2lwKSB7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChpcF9pbl9zdWJuZXQgLWlwICRzd19pcC5pcGFkZHJlc3MgLXN1Ym5ldCAkdmFyX3N1Ym5ldCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5sb2cgKz0gImlwICIgKyAkc3dfaXAuaXBhZGRyZXNzICsgIiBpcyBwYXJ0IG9mIHN1Ym5ldCAiICsgJHZhcl9zdWJuZXQgKyAiLCBkb25lIgogICAgICAgICAgICAgICAgICAgICAgICAgICAgRXhpdC1Kc29uICRyZXN1bHQKICAgICAgICAgICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICRyZXN1bHQubG9nICs9ICJpcCAiICsgJHN3X2lwLmlwYWRkcmVzcyArICIgaXMgbm90IHBhcnQgb2Ygc3VibmV0ICIgKyAkdmFyX3N1Ym5ldAogICAgICAgICAgICAgICAgICAgICAgICAgICAgcmVtb3ZlLXZtc3dpdGNoIC1uYW1lICRpLm5hbWUgLWZvcmNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5sb2cgKz0gIkNvdWxkIG5vdCBnZXQgaXAgYWRkcmVzcyBmb3IgdkV0aGVybmV0ICgiICsgJGkubmFtZSArICIpLCByZW1vdmluZyB2bXN3aXRjaCIKICAgICAgICAgICAgICAgICAgICAgICAgcmVtb3ZlLXZtc3dpdGNoIC1uYW1lICRpLm5hbWUgLWZvcmNlCiAgICAgICAgICAgICAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkcmVzdWx0LmxvZyArPSAiTWFuYWdlbWVudE9TIGlzICIgKyAkbWFuYWdlbWVudCArICIsIG5vdGhpbmcgZWxzZSB0byBjaGVjayIKICAgICAgICAgICAgICAgICAgICBFeGl0LUpzb24gJHJlc3VsdAogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgJHJlc3VsdC5sb2cgKz0gInZtc3dpdGNoICIgKyAkaS5uYW1lICsgIiBkb2VzIG5vdCBtYXRjaCAkbmFtZSwgaWdub3JpbmcgaXQiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CiAgICBpZiAoJHN0YXRlIC1lcSAicHJlc2VudCIpIHsKICAgICAgICAkYWRhcHRlcnMgPSBHZXQtTmV0SVBBZGRyZXNzIC1hZGRyZXNzZmFtaWx5IGlwdjQgLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKICAgICAgICBmb3JlYWNoICgkYWRhcHRlciBpbiAkYWRhcHRlcnMpIHsKICAgICAgICAgICAgJHJlc3VsdC5sb2cgKz0gImNoZWNraW5nIGFkYXB0ZXIgIiArICRhZGFwdGVyLmludGVyZmFjZWFsaWFzCiAgICAgICAgICAgIGlmIChpcF9pbl9zdWJuZXQgLWlwICRhZGFwdGVyLmlwYWRkcmVzcyAtc3VibmV0ICR2YXJfc3VibmV0KSB7CiAgICAgICAgICAgICAgICAkcmVzdWx0LmxvZyArPSAiYWRhcHRlciAiICsgJGFkYXB0ZXIuaW50ZXJmYWNlYWxpYXMgKyAiIGlwICIgKyAkYWRhcHRlci5pcGFkZHJlc3MgKyAiIG1hdGNoZXMgc3VibmV0ICIgKyAkdmFyX3N1Ym5ldAogICAgICAgICAgICAgICAgaWYgKCAkYWRhcHRlci5pbnRlcmZhY2VhbGlhcyAtbWF0Y2ggInZFdGhlcm5ldCIpIHsKICAgICAgICAgICAgICAgICAgICAkbXNnID0gImEgdm1zd2l0Y2ggd2l0aCBhIGRpZmZlcmVudCBuYW1lIGFscmVhZHkgZXhpc3RzIGZvciBzdWJuZXQgIiArICR2YXJfc3VibmV0CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJG1zZwogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgICAgICAgICBOZXctVk1Td2l0Y2ggLU5hbWUgJG5hbWUgLU5ldEFkYXB0ZXJOYW1lICRhZGFwdGVyLmludGVyZmFjZWFsaWFzIC1BbGxvd01hbmFnZW1lbnRPUyAkbWFuYWdlbWVudAoJCQkJCQlHZXQtVk1Td2l0Y2gKICAgICAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5pbnRlcmZhY2VfZGV0YWlscy5BZGQoJ2FkYXB0ZXJfbmFtZScsICRhZGFwdGVyLmludGVyZmFjZWFsaWFzKQoJCQkJCQkkcmVzdWx0LmludGVyZmFjZV9kZXRhaWxzLkFkZCgnYWRhcHRlcl9pcCcsICRhZGFwdGVyLmlwYWRkcmVzcykKCQkJCQkJJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgICAgICAgICAgICAgICAgICAgICAgRXhpdC1Kc29uICRyZXN1bHQKICAgICAgICAgICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9ICAgCiAgICB9Cn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "subnet": "192.168.0.0/22", "management": false, "_ansible_no_log": false, "_ansible_module_name": "cb_vmswitch", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "present", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "name": "br-data"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: fb54aeaf-bfaf-4adc-b434-075a881b3419 Path:	4104	1		3	2	15	0	1607	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4852	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:09 PM	839e3e65-ff4b-0001-c84a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): AkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIFdBTlRfSlNPTgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKU2V0LVN0cmljdE1vZGUgLVZlcnNpb24gMwokRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIlN0b3AiCgokcGFyc2VkX2FyZ3MgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcmVzdWx0ID0gQHtjaGFuZ2VkPSRmYWxzZX0KCiRuYW1lID0gR2V0LUFuc2libGVQYXJhbSAkcGFyc2VkX2FyZ3MgIm5hbWUiIC1GYWlsSWZFbXB0eSAkdHJ1ZQokbWFuYWdlbWVudD0gR2V0LUFuc2libGVQYXJhbSAkcGFyc2VkX2FyZ3MgIm1hbmFnZW1lbnQiIC10eXBlICJib29sIiAtZGVmYXVsdCAiZmFsc2UiIC1WYWxpZGF0ZVNldCAidHJ1ZSIsImZhbHNlIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJzZWRfYXJncyAic3RhdGUiIC1EZWZhdWx0ICJwcmVzZW50IiAtVmFsaWRhdGVTZXQgInByZXNlbnQiLCJhYnNlbnQiCiR2YXJfc3VibmV0ID0gR2V0LUFuc2libGVQYXJhbSAkcGFyc2VkX2FyZ3MgInN1Ym5ldCIgLUZhaWxJZkVtcHR5ICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcnNlZF9hcmdzICJfYW5zaWJsZV9jaGVja19tb2RlIiAtRGVmYXVsdCAkZmFsc2UKCkZ1bmN0aW9uIGlwX2luX3N1Ym5ldCB7IAogICAgcGFyYW0gKCAKICAgICAgICBbcGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldCiAgICAgICAgW05ldC5JUEFkZHJlc3NdIAogICAgICAgICRpcCwgCgogICAgICAgIFtwYXJhbWV0ZXIoTWFuZGF0b3J5PSR0cnVlKV0gCiAgICAgICAgJHN1Ym5ldAogICAgKSAKCiAgICBbTmV0LklQQWRkcmVzc10kaXAyLCAkbSA9ICRzdWJuZXQuc3BsaXQoJy8nKQoKICAgIFN3aXRjaCAtUmVnRXggKCRtKSB7CiAgICAgICAgIl4oPzpbMC05XXsxLDN9XC4pezN9WzAtOV17MSwzfSQiIHsKICAgICAgICAgICAgJG1hc2sgPSBbTmV0LklQQWRkcmVzc10kbQogICAgICAgIH0KICAgICAgICAiXltcZF0rJCIgewogICAgICAgICAgICAkdGlwPShbQ29udmVydF06OlRvVUludDMyKCQoKCIxIiAqICRtKS5QYWRSaWdodCgzMiwgIjAiKSksIDIpKQogICAgICAgICAgICAkZG90dGVkID0gJCggRm9yICgkaSA9IDM7ICRpIC1ndCAtMTsgJGktLSkgewogICAgICAgICAgICAgICAgJHIgPSAkdGlwICUgW01hdGhdOjpQb3coMjU2LCAkaSkKICAgICAgICAgICAgICAgICgkdGlwIC0gJHIpIC8gW01hdGhdOjpQb3coMjU2LCAkaSkKICAgICAgICAgICAgICAgICR0aXAgPSAkcgogICAgICAgICAgICB9ICkKICAgICAgICAKICAgICAgICAgICAgJG1hc2sgPSBbTmV0LklQQWRkcmVzc11bU3RyaW5nXTo6Sm9pbignLicsICRkb3R0ZWQpCiAgICAgICAgfQogICAgICAgIGRlZmF1bHQgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiSW52YWxpZCBzdWJuZXQgc3BlY2lmaWVkOiAkc3VibmV0IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoKCRpcC5hZGRyZXNzIC1iYW5kICRtYXNrLmFkZHJlc3MpIC1lcSAoJGlwMi5hZGRyZXNzIC1iYW5kICRtYXNrLmFkZHJlc3MpKSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9IGVsc2UgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gCn0KJHJlc3VsdC5sb2cgPSBAKCkKJHJlc3VsdC5pbnRlcmZhY2VfZGV0YWlscyA9QHt9CgpJZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgJFZNc3dpdGNoZXMgPSBHZXQtVk1Td2l0Y2ggLVN3aXRjaFR5cGUgRXh0ZXJuYWwgLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKICAgIGlmICgkVk1zd2l0Y2hlcyl7CiAgICAgICAgZm9yZWFjaCgkaSBpbiAkVk1zd2l0Y2hlcyl7CiAgICAgICAgICAgICRyZXN1bHQubG9nICs9ICJGb3VuZCB2bXN3aXRjaDogIiArICRpLm5hbWUgKyAiLCBjaGVja2luZy4uLiIKICAgICAgICAgICAgaWYgKCAkaS5uYW1lIC1lcSAkbmFtZSApIHsKICAgICAgICAgICAgICAgIGlmICggJHN0YXRlIC1lcSAiYWJzZW50IiApIHsKICAgICAgICAgICAgICAgICAgICAkcmVzdWx0LmxvZyArPSAiRm91bmQgdm1zd2l0Y2ggIiArICRpLm5hbWUgKyAiLCBzdGF0ZSBpcyAiICsgJHN0YXRlICsgIiwgcmVtb3ZpbmciCiAgICAgICAgICAgICAgICAgICAgcmVtb3ZlLXZtc3dpdGNoIC1uYW1lICRpLm5hbWUgLWZvcmNlCiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgICAgICAgICAgICAgICAgICBFeGl0LUpzb24gJHJlc3VsdAo ScriptBlock ID: fb54aeaf-bfaf-4adc-b434-075a881b3419 Path:	4104	1		3	2	15	0	1606	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4852	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:09 PM	839e3e65-ff4b-0001-c84a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPS ScriptBlock ID: fb54aeaf-bfaf-4adc-b434-075a881b3419 Path:	4104	1		3	2	15	0	1605	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	4852	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:09 PM	839e3e65-ff4b-0001-c84a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1604	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	2508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:09 PM	839e3e65-ff4b-0002-b3cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4220 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1603	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	3672	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:09 PM	839e3e65-ff4b-0002-b3cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1602	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4220	2508	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:09 PM	839e3e65-ff4b-0002-b3cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f43d11f8-f01a-4501-a002-68cbec9f03d1 Path:	4104	1		3	2	15	0	1601	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	4216	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:06 PM	839e3e65-ff4b-0002-9bcf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: ea34f7d8-0e75-4124-a7ba-4fb6966c2ba5 Path:	4104	1		3	2	15	0	1600	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	4216	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:06 PM	839e3e65-ff4b-0002-88cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): CB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "display_name": "neutron-hyperv-agent", "name": "neutron-hyperv-agent", "start_mode": "manual", "_ansible_module_name": "win_service", "_ansible_no_log": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "stopped", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\bin\\OpenStackService.exe neutron-hyperv-agent c:\\python37\\scripts\\neutron-hyperv-agent.exe --config-file c:\\openstack\\etc\\neutron-hyperv-agent.conf", "_ansible_tmpdir": null, "_ansible_debug": false, "description": "OpenStack Neutron Hyper-V Agent Service"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: fd0eeaaa-b65e-4a96-b22a-ccdb2f9ed91a Path:	4104	1		3	2	15	0	1599	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	4216	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:06 PM	839e3e65-ff4b-0002-82cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): AgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgI ScriptBlock ID: fd0eeaaa-b65e-4a96-b22a-ccdb2f9ed91a Path:	4104	1		3	2	15	0	1598	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	4216	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:06 PM	839e3e65-ff4b-0002-82cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): dCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogIC ScriptBlock ID: fd0eeaaa-b65e-4a96-b22a-ccdb2f9ed91a Path:	4104	1		3	2	15	0	1597	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	4216	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:06 PM	839e3e65-ff4b-0002-82cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhh ScriptBlock ID: fd0eeaaa-b65e-4a96-b22a-ccdb2f9ed91a Path:	4104	1		3	2	15	0	1596	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	4216	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:06 PM	839e3e65-ff4b-0002-82cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1595	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	2116	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:06 PM	839e3e65-ff4b-0002-80cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2692 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1594	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	1088	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:06 PM	839e3e65-ff4b-0002-80cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1593	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2692	2116	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:06 PM	839e3e65-ff4b-0002-80cf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 793d63fa-5247-429b-89d9-9cf68382a55a Path:	4104	1		3	2	15	0	1592	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2028	3900	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:04 PM	839e3e65-ff4b-0000-3c4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: d81c7a79-b091-4540-9af8-7fd7aaaedd40 Path:	4104	1		3	2	15	0	1591	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2028	3900	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:04 PM	839e3e65-ff4b-0000-2d4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): lLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "display_name": "nova-compute", "name": "nova-compute", "start_mode": "manual", "_ansible_module_name": "win_service", "_ansible_no_log": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "stopped", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\bin\\OpenStackService.exe nova-compute c:\\python37\\scripts\\nova-compute.exe --config-file c:\\openstack\\etc\\nova.conf", "_ansible_tmpdir": null, "_ansible_debug": false, "description": "OpenStack nova Compute Service"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 01543994-d1e5-4632-bbdb-15cb9bad240e Path:	4104	1		3	2	15	0	1590	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2028	3900	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:04 PM	839e3e65-ff4b-0000-274c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): BzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJ ScriptBlock ID: 01543994-d1e5-4632-bbdb-15cb9bad240e Path:	4104	1		3	2	15	0	1589	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2028	3900	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:04 PM	839e3e65-ff4b-0000-274c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): RvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlci ScriptBlock ID: 01543994-d1e5-4632-bbdb-15cb9bad240e Path:	4104	1		3	2	15	0	1588	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2028	3900	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:04 PM	839e3e65-ff4b-0000-274c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9IC ScriptBlock ID: 01543994-d1e5-4632-bbdb-15cb9bad240e Path:	4104	1		3	2	15	0	1587	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2028	3900	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:04 PM	839e3e65-ff4b-0000-274c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1586	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2028	4192	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:04 PM	839e3e65-ff4b-0001-864a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2028 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1585	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2028	2492	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:04 PM	839e3e65-ff4b-0001-864a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1584	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2028	4192	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:04 PM	839e3e65-ff4b-0001-864a-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetGPO' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Open-NetGPO { [CmdletBinding(PositionalBinding=$false)] [OutputType([System.String])] param( [Parameter(ParameterSetName='Open0', Mandatory=$true, Position=0)] [string] ${PolicyStore}, [Parameter(ParameterSetName='Open0')] [string] ${DomainController}, [Parameter(ParameterSetName='Open0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Open0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Open0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DomainController')) { [object]$__cmdletization_value = ${DomainController} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainController'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainController'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GPOSession'; ParameterType = 'System.String'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Open', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetGPO.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Open-NetGPO' -Alias '*' function Save-NetGPO { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Save1', Mandatory=$true, Position=0)] [string] ${GPOSession}, [Parameter(ParameterSetName='Save1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Save1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Save1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Save', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetGPO.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Save-NetGPO' -Alias '*' ScriptBlock ID: bcd5761b-91d0-4f39-ade3-8271b5b02177 Path:	4104	1		3	2	15	0	1583	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-124c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): eFullAuthSupport')) { [object]$__cmdletization_value = ${RequireFullAuthSupport} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireFullAuthSupport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireFullAuthSupport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CertValidationLevel')) { [object]$__cmdletization_value = ${CertValidationLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CertValidationLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.CRLCheck'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CertValidationLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.CRLCheck'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowIPsecThroughNAT')) { [object]$__cmdletization_value = ${AllowIPsecThroughNAT} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowIPsecThroughNAT'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecThroughNAT'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowIPsecThroughNAT'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecThroughNAT'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSAIdleTimeSeconds')) { [object]$__cmdletization_value = ${MaxSAIdleTimeSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSAIdleTimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSAIdleTimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('KeyEncoding')) { [object]$__cmdletization_value = ${KeyEncoding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyEncoding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyEncoding'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyEncoding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyEncoding'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnablePacketQueuing')) { [object]$__cmdletization_value = ${EnablePacketQueuing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnablePacketQueuing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PacketQueuing'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnablePacketQueuing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PacketQueuing'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallSetting' -Alias '*' ScriptBlock ID: 6afe5a29-e302-4d0b-9db0-f5e76ebe7e2b Path:	4104	1		3	2	15	0	1582	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-0e4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetSecuritySettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallSetting { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetSecuritySettingData')] param( [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallSetting' -Alias '*' function Set-NetFirewallSetting { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetSecuritySettingData')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetSecuritySettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.TrafficExemption] ${Exemptions}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${EnableStatefulFtp}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${EnableStatefulPptp}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachineTransportAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachineTunnelAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUserTransportAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUserTunnelAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${RequireFullAuthSupport}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.CRLCheck] ${CertValidationLevel}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecThroughNAT] ${AllowIPsecThroughNAT}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxSAIdleTimeSeconds}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyEncoding] ${KeyEncoding}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PacketQueuing] ${EnablePacketQueuing}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Exemptions')) { [object]$__cmdletization_value = ${Exemptions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Exemptions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.TrafficExemption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Exemptions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.TrafficExemption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableStatefulFtp')) { [object]$__cmdletization_value = ${EnableStatefulFtp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulFtp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulFtp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableStatefulPptp')) { [object]$__cmdletization_value = ${EnableStatefulPptp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulPptp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulPptp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachineTransportAuthorizationList')) { [object]$__cmdletization_value = ${RemoteMachineTransportAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachineTunnelAuthorizationList')) { [object]$__cmdletization_value = ${RemoteMachineTunnelAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUserTransportAuthorizationList')) { [object]$__cmdletization_value = ${RemoteUserTransportAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUserTunnelAuthorizationList')) { [object]$__cmdletization_value = ${RemoteUserTunnelAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Requir ScriptBlock ID: 6afe5a29-e302-4d0b-9db0-f5e76ebe7e2b Path:	4104	1		3	2	15	0	1581	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-0e4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetQuickModeSA' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPsecQuickModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeSA') -and (@('ByAssociatedNetIPsecMainModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeSA}, 'MSFT_NetSAAssociation', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecQuickModeSA' -Alias '*' function Remove-NetIPsecQuickModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetQuickModeSA')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeSA') -and (@('ByAssociatedNetIPsecMainModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeSA}, 'MSFT_NetSAAssociation', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAssociatedNetIPsecMainModeSA', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecQuickModeSA' -Alias '*' ScriptBlock ID: 38b3115e-6e98-4c00-a296-c490de2a5e92 Path:	4104	1		3	2	15	0	1580	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-0a4c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetMainModeSA' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPsecMainModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeSA') -and (@('ByAssociatedNetIPsecQuickModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeSA}, 'MSFT_NetSAAssociation', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecMainModeSA' -Alias '*' function Remove-NetIPsecMainModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeSA')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeSA') -and (@('ByAssociatedNetIPsecQuickModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeSA}, 'MSFT_NetSAAssociation', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAssociatedNetIPsecQuickModeSA', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecMainModeSA' -Alias '*' ScriptBlock ID: 5ff24819-d046-42ac-8f41-e46a60c1eae0 Path:	4104	1		3	2	15	0	1579	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-064c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIPsecIdentity' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } ScriptBlock ID: 25c8093c-adf6-47e2-b757-c95c9b976e34 Path:	4104	1		3	2	15	0	1578	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-044c-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('ElementName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecDospSetting' -Alias '*' ScriptBlock ID: 68b1e798-56cf-4fc3-9868-eba8a381804a Path:	4104	1		3	2	15	0	1577	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-fe4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): etization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptDscp')) { [object]$__cmdletization_value = ${IpV6FilterExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6FilterExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptDscp')) { [object]$__cmdletization_value = ${DefBlockExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${DefBlockExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxStateEntries')) { [object]$__cmdletization_value = ${MaxStateEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxPerIPRateLimitQueues')) { [object]$__cmdletization_value = ${MaxPerIPRateLimitQueues} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnabledKeyingModules')) { [object]$__cmdletization_value = ${EnabledKeyingModules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('FilteringFlags')) { [object]$__cmdletization_value = ${FilteringFlags} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicInterfaceAliases')) { [object]$__cmdletization_value = ${PublicInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateInterfaceAliases')) { [object]$__cmdletization_value = ${PrivateInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicV6Address')) { [object]$__cmdletization_value = ${PublicV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateV6Address')) { [object]$__cmdletization_value = ${PrivateV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecDospSetting' -Alias '*' function Remove-NetIPsecDospSetting { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPsecDoSPSetting')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPsecDoSPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { ScriptBlock ID: 68b1e798-56cf-4fc3-9868-eba8a381804a Path:	4104	1		3	2	15	0	1576	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-fe4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): hrow } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecDospSetting' -Alias '*' function Set-NetIPsecDospSetting { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPsecDoSPSetting')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPsecDoSPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${StateIdleTimeoutSeconds}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${PerIPRateLimitQueueIdleTimeoutSeconds}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecUnauthDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecUnauthRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${IpV6IPsecAuthDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecAuthRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${IcmpV6Dscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IcmpV6RateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6FilterExemptDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6FilterExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DefBlockExemptDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DefBlockExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxStateEntries}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxPerIPRateLimitQueues}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules] ${EnabledKeyingModules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags] ${FilteringFlags}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${PublicInterfaceAliases}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${PrivateInterfaceAliases}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${PublicV6Address}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${PrivateV6Address}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('ElementName', $__cmdletization_values, $true, 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('StateIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${StateIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerIPRateLimitQueueIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${PerIPRateLimitQueueIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthPerIPRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecAuthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecAuthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6Dscp')) { [object]$__cmdletization_value = ${IcmpV6Dscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6RateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IcmpV6RateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdl ScriptBlock ID: 68b1e798-56cf-4fc3-9868-eba8a381804a Path:	4104	1		3	2	15	0	1575	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-fe4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): [object]$__cmdletization_value = ${IpV6FilterExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6FilterExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptDscp')) { [object]$__cmdletization_value = ${DefBlockExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${DefBlockExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxStateEntries')) { [object]$__cmdletization_value = ${MaxStateEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxPerIPRateLimitQueues')) { [object]$__cmdletization_value = ${MaxPerIPRateLimitQueues} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnabledKeyingModules')) { [object]$__cmdletization_value = ${EnabledKeyingModules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('FilteringFlags')) { [object]$__cmdletization_value = ${FilteringFlags} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicInterfaceAliases')) { [object]$__cmdletization_value = ${PublicInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateInterfaceAliases')) { [object]$__cmdletization_value = ${PrivateInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicV6Address')) { [object]$__cmdletization_value = ${PublicV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateV6Address')) { [object]$__cmdletization_value = ${PrivateV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecDospSetting' -Alias '*' function Get-NetIPsecDospSetting { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPsecDoSPSetting')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('ElementName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { t ScriptBlock ID: 68b1e798-56cf-4fc3-9868-eba8a381804a Path:	4104	1		3	2	15	0	1574	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-fe4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIPsecDoSPSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecDospSetting { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${StateIdleTimeoutSeconds}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${PerIPRateLimitQueueIdleTimeoutSeconds}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecUnauthDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecUnauthRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${IpV6IPsecAuthDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecAuthRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${IcmpV6Dscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IcmpV6RateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6FilterExemptDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6FilterExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${DefBlockExemptDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${DefBlockExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxStateEntries}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxPerIPRateLimitQueues}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules] ${EnabledKeyingModules}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags] ${FilteringFlags}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [WildcardPattern[]] ${PublicInterfaceAliases}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [WildcardPattern[]] ${PrivateInterfaceAliases}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PublicV6Address}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PrivateV6Address}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('StateIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${StateIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerIPRateLimitQueueIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${PerIPRateLimitQueueIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthPerIPRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecAuthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecAuthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6Dscp')) { [object]$__cmdletization_value = ${IcmpV6Dscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6RateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IcmpV6RateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptDscp')) { ScriptBlock ID: 68b1e798-56cf-4fc3-9868-eba8a381804a Path:	4104	1		3	2	15	0	1573	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-fe4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetSecDeltaCollection' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } ScriptBlock ID: 9a7d5e1a-6f43-4656-9304-ef54fc878c87 Path:	4104	1		3	2	15	0	1572	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-fc4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): on.MethodParameter]@{Name = 'AllowUserApps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserApps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowUserPorts')) { [object]$__cmdletization_value = ${AllowUserPorts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserPorts'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserPorts'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowUnicastResponseToMulticast')) { [object]$__cmdletization_value = ${AllowUnicastResponseToMulticast} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUnicastResponseToMulticast'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUnicastResponseToMulticast'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NotifyOnListen')) { [object]$__cmdletization_value = ${NotifyOnListen} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NotifyOnListen'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NotifyOnListen'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableStealthModeForIPsec')) { [object]$__cmdletization_value = ${EnableStealthModeForIPsec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStealthModeForIPsec'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStealthModeForIPsec'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogFileName')) { [object]$__cmdletization_value = ${LogFileName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogFileName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogFileName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogMaxSizeKilobytes')) { [object]$__cmdletization_value = ${LogMaxSizeKilobytes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogMaxSizeKilobytes'; ParameterType = 'System.UInt64'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogMaxSizeKilobytes'; ParameterType = 'System.UInt64'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogAllowed')) { [object]$__cmdletization_value = ${LogAllowed} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogAllowed'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogAllowed'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogBlocked')) { [object]$__cmdletization_value = ${LogBlocked} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogBlocked'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogBlocked'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogIgnored')) { [object]$__cmdletization_value = ${LogIgnored} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogIgnored'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogIgnored'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisabledInterfaceAliases')) { [object]$__cmdletization_value = ${DisabledInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisabledInterfaceAliases'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisabledInterfaceAliases'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallProfile.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallProfile' -Alias '*' ScriptBlock ID: cb434125-6b6d-446f-acbc-f7637ded5189 Path:	4104	1		3	2	15	0	1571	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-f84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): arameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowUnicastResponseToMulticast}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${NotifyOnListen}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${EnableStealthModeForIPsec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LogFileName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint64] ${LogMaxSizeKilobytes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${LogAllowed}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${LogBlocked}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${LogIgnored}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${DisabledInterfaceAliases}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultInboundAction')) { [object]$__cmdletization_value = ${DefaultInboundAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultInboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultInboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultOutboundAction')) { [object]$__cmdletization_value = ${DefaultOutboundAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultOutboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultOutboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowInboundRules')) { [object]$__cmdletization_value = ${AllowInboundRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowInboundRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowInboundRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowLocalFirewallRules')) { [object]$__cmdletization_value = ${AllowLocalFirewallRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalFirewallRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalFirewallRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowLocalIPsecRules')) { [object]$__cmdletization_value = ${AllowLocalIPsecRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalIPsecRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalIPsecRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowUserApps')) { [object]$__cmdletization_value = ${AllowUserApps} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletizati ScriptBlock ID: cb434125-6b6d-446f-acbc-f7637ded5189 Path:	4104	1		3	2	15	0	1570	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-f84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetFirewallProfile' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallProfile { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('Profile')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleInProfile', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleInProfile', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleInProfile', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallProfile.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallProfile' -Alias '*' function Set-NetFirewallProfile { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('Profile')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${DefaultInboundAction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${DefaultOutboundAction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowInboundRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowLocalFirewallRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowLocalIPsecRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowUserApps}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowUserPorts}, [Parameter(P ScriptBlock ID: cb434125-6b6d-446f-acbc-f7637ded5189 Path:	4104	1		3	2	15	0	1569	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-f84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): )] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecQuickModeCryptoSet' -Alias '*' ScriptBlock ID: 46a16792-9209-400b-bc8e-71c26c11c375 Path:	4104	1		3	2	15	0	1568	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-f04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecQuickModeCryptoSet' -Alias '*' function Copy-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule' ScriptBlock ID: 46a16792-9209-400b-bc8e-71c26c11c375 Path:	4104	1		3	2	15	0	1567	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-f04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): dletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup')) { [object]$__cmdletization_value = ${PerfectForwardSecrecyGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecQuickModeCryptoSet' -Alias '*' function Remove-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecQuickModeCryptoSet' -Alias '*' function Rename-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] ScriptBlock ID: 46a16792-9209-400b-bc8e-71c26c11c375 Path:	4104	1		3	2	15	0	1566	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-f04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): (ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecQuickModeCryptoSet' -Alias '*' function Set-NetIPsecQuickModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('PfsGroup')] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cm ScriptBlock ID: 46a16792-9209-400b-bc8e-71c26c11c375 Path:	4104	1		3	2	15	0	1565	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-f04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEQMCryptoSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecQuickModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('PfsGroup')] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup')) { [object]$__cmdletization_value = ${PerfectForwardSecrecyGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecQuickModeCryptoSet' -Alias '*' function Get-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter ScriptBlock ID: 46a16792-9209-400b-bc8e-71c26c11c375 Path:	4104	1		3	2	15	0	1564	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:02 PM	839e3e65-ff4b-0000-f04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 8): $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecMainModeCryptoSet' -Alias '*' ScriptBlock ID: b15d3aeb-9696-43a7-961e-ade706ad4b06 Path:	4104	1		3	2	15	0	1563	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 8): contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecMainModeCryptoSet' -Alias '*' function Copy-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { ScriptBlock ID: b15d3aeb-9696-43a7-961e-ade706ad4b06 Path:	4104	1		3	2	15	0	1562	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 8): MainModeCryptoSet' -Alias '*' function Rename-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') - ScriptBlock ID: b15d3aeb-9696-43a7-961e-ade706ad4b06 Path:	4104	1		3	2	15	0	1561	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 8): ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsec ScriptBlock ID: b15d3aeb-9696-43a7-961e-ade706ad4b06 Path:	4104	1		3	2	15	0	1560	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 8): ion_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxMinutes')) { [object]$__cmdletization_value = ${MaxMinutes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSessions')) { [object]$__cmdletization_value = ${MaxSessions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceDiffieHellman')) { [object]$__cmdletization_value = ${ForceDiffieHellman} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecMainModeCryptoSet' -Alias '*' function Remove-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ScriptBlock ID: b15d3aeb-9696-43a7-961e-ade706ad4b06 Path:	4104	1		3	2	15	0	1559	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 8): )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecMainModeCryptoSet' -Alias '*' function Set-NetIPsecMainModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxMinutes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxSessions}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletizat ScriptBlock ID: b15d3aeb-9696-43a7-961e-ade706ad4b06 Path:	4104	1		3	2	15	0	1558	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 8): ation_value = ${MaxMinutes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSessions')) { [object]$__cmdletization_value = ${MaxSessions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceDiffieHellman')) { [object]$__cmdletization_value = ${ForceDiffieHellman} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecMainModeCryptoSet' -Alias '*' function Get-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName ScriptBlock ID: b15d3aeb-9696-43a7-961e-ade706ad4b06 Path:	4104	1		3	2	15	0	1557	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 8): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEMMCryptoSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecMainModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxMinutes}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxSessions}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${ForceDiffieHellman}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxMinutes')) { [object]$__cmdletiz ScriptBlock ID: b15d3aeb-9696-43a7-961e-ade706ad4b06 Path:	4104	1		3	2	15	0	1556	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecPhase2AuthSet' -Alias '*' ScriptBlock ID: 69cf0334-f1cb-4d2c-8e55-8a81080d7d54 Path:	4104	1		3	2	15	0	1555	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): dletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecPhase2AuthSet' -Alias '*' function Copy-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') ScriptBlock ID: 69cf0334-f1cb-4d2c-8e55-8a81080d7d54 Path:	4104	1		3	2	15	0	1554	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): Key('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecPhase2AuthSet' -Alias '*' function Rename-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cm ScriptBlock ID: 69cf0334-f1cb-4d2c-8e55-8a81080d7d54 Path:	4104	1		3	2	15	0	1553	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecPhase2AuthSet' -Alias '*' function Remove-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.Contains ScriptBlock ID: 69cf0334-f1cb-4d2c-8e55-8a81080d7d54 Path:	4104	1		3	2	15	0	1552	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): er(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecPhase2AuthSet' -Alias '*' function Set-NetIPsecPhase2AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $ ScriptBlock ID: 69cf0334-f1cb-4d2c-8e55-8a81080d7d54 Path:	4104	1		3	2	15	0	1551	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEP2AuthSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecPhase2AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecPhase2AuthSet' -Alias '*' function Get-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Paramet ScriptBlock ID: 69cf0334-f1cb-4d2c-8e55-8a81080d7d54 Path:	4104	1		3	2	15	0	1550	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-e04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecPhase1AuthSet' -Alias '*' ScriptBlock ID: 0b66b3f1-a478-46d1-a448-53a0509c2648 Path:	4104	1		3	2	15	0	1549	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-d84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): vateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecPhase1AuthSet' -Alias '*' function Copy-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { ScriptBlock ID: 0b66b3f1-a478-46d1-a448-53a0509c2648 Path:	4104	1		3	2	15	0	1548	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-d84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): rameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecPhase1AuthSet' -Alias '*' function Rename-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:Pri ScriptBlock ID: 0b66b3f1-a478-46d1-a448-53a0509c2648 Path:	4104	1		3	2	15	0	1547	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-d84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecPhase1AuthSet' -Alias '*' function Set-NetIPsecPhase1AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecPhase1AuthSet' -Alias '*' function Remove-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(Pa ScriptBlock ID: 0b66b3f1-a478-46d1-a448-53a0509c2648 Path:	4104	1		3	2	15	0	1546	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-d84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEP1AuthSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecPhase1AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecPhase1AuthSet' -Alias '*' function Get-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } ScriptBlock ID: 0b66b3f1-a478-46d1-a448-53a0509c2648 Path:	4104	1		3	2	15	0	1545	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-d84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetServiceFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallServiceFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Service}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Service') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Service}) $__cmdletization_queryBuilder.FilterByProperty('ServiceName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByService', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallServiceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallServiceFilter' -Alias '*' function Set-NetFirewallServiceFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Service}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Service')) { [object]$__cmdletization_value = ${Service} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ServiceName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ServiceName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallServiceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallServiceFilter' -Alias '*' ScriptBlock ID: 9de3fd64-f49e-4ec9-930a-723f14d92b80 Path:	4104	1		3	2	15	0	1544	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-d44b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetProtocolPortFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallPortFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Protocol}, [Parameter(ParameterSetName='ByQuery')] [Alias('DynamicTransport')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport[]] ${DynamicTarget}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DynamicTarget') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicTarget}) $__cmdletization_queryBuilder.FilterByProperty('DynamicTransport', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallPortFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallPortFilter' -Alias '*' function Set-NetFirewallPortFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Protocol}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${IcmpType}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('DynamicTransport')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport] ${DynamicTarget}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpType')) { [object]$__cmdletization_value = ${IcmpType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicTarget')) { [object]$__cmdletization_value = ${DynamicTarget} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallPortFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallPortFilter' -Alias '*' ScriptBlock ID: 84c25700-0818-40ff-9f0d-66083289ac32 Path:	4104	1		3	2	15	0	1543	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0002-5ecf-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSecurityFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallSecurityFilter' -Alias '*' ScriptBlock ID: bb81f4d9-9f93-4e3d-b844-1311ed6165ee Path:	4104	1		3	2	15	0	1542	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-d04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption] ${Encryption}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${OverrideBlockRules}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LocalUser}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUser}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachine}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Authentication')) { [object]$__cmdletization_value = ${Authentication} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Encryption')) { [object]$__cmdletization_value = ${Encryption} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OverrideBlockRules')) { [object]$__cmdletization_value = ${OverrideBlockRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalUser')) { [object]$__cmdletization_value = ${LocalUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUser')) { [object]$__cmdletization_value = ${RemoteUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachine')) { [object]$__cmdletization_value = ${RemoteMachine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { ScriptBlock ID: bb81f4d9-9f93-4e3d-b844-1311ed6165ee Path:	4104	1		3	2	15	0	1541	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-d04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallSecurityFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication[]] ${Authentication}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption[]] ${Encryption}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${OverrideBlockRules}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${LocalUser}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteUser}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteMachine}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Authentication') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Authentication}) $__cmdletization_queryBuilder.FilterByProperty('Authentication', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Encryption') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Encryption}) $__cmdletization_queryBuilder.FilterByProperty('Encryption', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OverrideBlockRules') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OverrideBlockRules}) $__cmdletization_queryBuilder.FilterByProperty('OverrideBlockRules', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalUser') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalUser}) $__cmdletization_queryBuilder.FilterByProperty('LocalUsers', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteUser') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteUser}) $__cmdletization_queryBuilder.FilterByProperty('RemoteUsers', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteMachine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteMachine}) $__cmdletization_queryBuilder.FilterByProperty('RemoteMachines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterBySecurity', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSecurityFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallSecurityFilter' -Alias '*' function Set-NetFirewallSecurityFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication] ${Authentication}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName=' ScriptBlock ID: bb81f4d9-9f93-4e3d-b844-1311ed6165ee Path:	4104	1		3	2	15	0	1540	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-d04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetInterfaceTypeFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallInterfaceTypeFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType[]] ${InterfaceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceType}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallInterfaceTypeFilter' -Alias '*' function Set-NetFirewallInterfaceTypeFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallInterfaceTypeFilter' -Alias '*' ScriptBlock ID: c0c59d7f-17fa-49e7-8a1c-9b2fe418b701 Path:	4104	1		3	2	15	0	1539	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-cc4b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetInterfaceFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallInterfaceFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] param( [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByInterface', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByInterface', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallInterfaceFilter' -Alias '*' function Set-NetFirewallInterfaceFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallInterfaceFilter' -Alias '*' ScriptBlock ID: 50d54ecf-9ea6-4cfc-ad06-a1207f46e549 Path:	4104	1		3	2	15	0	1538	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c84b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetApplicationFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallApplicationFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Program}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Package}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Program') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Program}) $__cmdletization_queryBuilder.FilterByProperty('AppPath', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Package') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Package}) $__cmdletization_queryBuilder.FilterByProperty('Package', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByApplication', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallApplicationFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallApplicationFilter' -Alias '*' function Set-NetFirewallApplicationFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Program}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Package}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Program')) { [object]$__cmdletization_value = ${Program} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AppPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AppPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Package')) { [object]$__cmdletization_value = ${Package} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallApplicationFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallApplicationFilter' -Alias '*' ScriptBlock ID: 7ca4fbe1-7169-4fbc-9184-b8c4c4566aa1 Path:	4104	1		3	2	15	0	1537	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c44b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetAddressFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallAddressFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] param( [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByAddress', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByAddress', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleFilterByAddress', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallAddressFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallAddressFilter' -Alias '*' function Set-NetFirewallAddressFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('LocalIP')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RemoteIP')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallAddressFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallAddressFilter' -Alias '*' ScriptBlock ID: 1d9c21af-0385-4599-8170-1b0b45de7fc2 Path:	4104	1		3	2	15	0	1536	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0003-615d-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (10 of 10): inModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetIPsecMainModeRule' -Alias '*' ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1535	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 10): etFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetIPsecMainModeRule' -Alias '*' function Disable-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Ma ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1534	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 10): [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecMainModeRule' -Alias '*' function Enable-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedN ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1533	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 10): tName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1532	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 10): eter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecMainModeRule' -Alias '*' function Copy-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSe ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1531	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 10): ameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecMainModeRule' -Alias '*' function Rename-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Param ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1530	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 10): 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MainModeCryptoSet')) { [object]$__cmdletization_value = ${MainModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecMainModeRule' -Alias '*' function Remove-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.Par ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1529	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 10): icyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecMainModeRule' -Alias '*' function Set-NetIPsecMainModeRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${Platform}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1528	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 10): ss'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecMainModeRule' -Alias '*' function Get-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('Pol ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1527	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 10): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetMainModeRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecMainModeRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${Platform}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${MainModeCryptoSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MainModeCryptoSet')) { [object]$__cmdletization_value = ${MainModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddre ScriptBlock ID: c7aec624-0e5a-4bc6-a641-4d9baac3f016 Path:	4104	1		3	2	15	0	1526	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-c04b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (19 of 19): tization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Output'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('SetPolicyDelta', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Update-NetIPsecRule' -Alias '*' ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1525	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (18 of 19): lInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Servers')) { [object]$__cmdletization_value = ${Servers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Servers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Servers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Domains')) { [object]$__cmdletization_value = ${Domains} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Domains'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Domains'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EndpointType')) { [object]$__cmdletization_value = ${EndpointType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressType')) { [object]$__cmdletization_value = ${AddressType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.AddressVersion'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.AddressVersion'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Output'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsServers')) { [object]$__cmdletization_value = ${DnsServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('SyncPolicyDelta', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Sync-NetIPsecRule' -Alias '*' function Update-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='Query (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.ChangeAction] ${Action}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [string[]] ${IPv6Addresses}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [string[]] ${IPv4Addresses}, [Parameter(ParameterSetName='Query (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType] ${EndpointType}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Action')) { [object]$__cmdletization_value = ${Action} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.ChangeAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.ChangeAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6Addresses')) { [object]$__cmdletization_value = ${IPv6Addresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4Addresses')) { [object]$__cmdletization_value = ${IPv4Addresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EndpointType')) { [object]$__cmdletization_value = ${EndpointType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdle ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1524	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (17 of 19): (ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType] ${EndpointType}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.AddressVersion] ${AddressType}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${DnsServers}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewal ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1523	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (16 of 19): ce(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetIPsecRule' -Alias '*' function Sync-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Servers}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Domains}, [Parameter ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1522	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (15 of 19): =$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstan ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1521	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (14 of 19): me )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetIPsecRule' -Alias '*' function Disable-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1520	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (13 of 19): ation_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecRule' -Alias '*' function Enable-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetNa ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1519	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (12 of 19): ameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletiz ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1518	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (11 of 19): allPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecRule' -Alias '*' function Copy-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Par ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1517	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (10 of 19): romPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirew ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1516	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 19): $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecRule' -Alias '*' function Rename-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueF ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1515	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 19): ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1514	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 19): rosoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalTunnelEndpoint')) { [object]$__cmdletization_value = ${LocalTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelEndpoint')) { [object]$__cmdletization_value = ${RemoteTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname')) { [object]$__cmdletization_value = ${RemoteTunnelHostname} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForwardPathLifetime')) { [object]$__cmdletization_value = ${ForwardPathLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass')) { [object]$__cmdletization_value = ${EncryptedTunnelBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RequireAuthorization')) { [object]$__cmdletization_value = ${RequireAuthorization} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('User')) { [object]$__cmdletization_value = ${User} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Machine')) { [object]$__cmdletization_value = ${Machine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecRule' -Alias '*' function Remove-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1513	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 19): ] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Mode')) { [object]$__cmdletization_value = ${Mode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InboundSecurity')) { [object]$__cmdletization_value = ${InboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OutboundSecurity')) { [object]$__cmdletization_value = ${OutboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet')) { [object]$__cmdletization_value = ${QuickModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase2AuthSet')) { [object]$__cmdletization_value = ${Phase2AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('KeyModule')) { [object]$__cmdletization_value = ${KeyModule} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowWatchKey')) { [object]$__cmdletization_value = ${AllowWatchKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowSetKey')) { [object]$__cmdletization_value = ${AllowSetKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Mic ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1512	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 19): tization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecRule' -Alias '*' function Set-NetIPsecRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${Platform}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode] ${Mode}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('SecIn')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${InboundSecurity}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('SecOut')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${OutboundSecurity}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule] ${KeyModule}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${AllowWatchKey}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${AllowSetKey}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalTunnelEndpoint}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteTunnelEndpoint}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${RequireAuthorization}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${User}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Machine}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Protocol}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByIPsecRuleName') ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1511	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 19): er(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdle ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1510	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 19): as'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecRule' -Alias '*' function Show-NetIPsecRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement')] param( [Parameter(ParameterSetName='EnumerateFull1')] [string] ${PolicyStore}, [Parameter(ParameterSetName='EnumerateFull1')] [string] ${GPOSession}, [Parameter(ParameterSetName='EnumerateFull1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='EnumerateFull1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='EnumerateFull1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Dependents'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('EnumerateFull', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Show-NetIPsecRule' -Alias '*' function Find-NetIPsecRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='Find2')] [string] ${LocalAddress}, [Parameter(ParameterSetName='Find2', Mandatory=$true)] [string] ${RemoteAddress}, [Parameter(ParameterSetName='Find2')] [string] ${Protocol}, [Parameter(ParameterSetName='Find2')] [uint16] ${LocalPort}, [Parameter(ParameterSetName='Find2')] [uint16] ${RemotePort}, [Parameter(ParameterSetName='Find2')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Find2')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Find2')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Find', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Find-NetIPsecRule' -Alias '*' function Get-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Paramet ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1509	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 19): $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet')) { [object]$__cmdletization_value = ${QuickModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase2AuthSet')) { [object]$__cmdletization_value = ${Phase2AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('KeyModule')) { [object]$__cmdletization_value = ${KeyModule} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowWatchKey')) { [object]$__cmdletization_value = ${AllowWatchKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowSetKey')) { [object]$__cmdletization_value = ${AllowSetKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalTunnelEndpoint')) { [object]$__cmdletization_value = ${LocalTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelEndpoint')) { [object]$__cmdletization_value = ${RemoteTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname')) { [object]$__cmdletization_value = ${RemoteTunnelHostname} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForwardPathLifetime')) { [object]$__cmdletization_value = ${ForwardPathLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass')) { [object]$__cmdletization_value = ${EncryptedTunnelBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RequireAuthorization')) { [object]$__cmdletization_value = ${RequireAuthorization} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('User')) { [object]$__cmdletization_value = ${User} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Machine')) { [object]$__cmdletization_value = ${Machine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAli ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1508	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 19): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetConSecRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0', ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [string] ${IPsecRuleName}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${Platform}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode] ${Mode}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('SecIn')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${InboundSecurity}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('SecOut')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${OutboundSecurity}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Phase2AuthSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule] ${KeyModule}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${AllowWatchKey}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${AllowSetKey}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalTunnelEndpoint}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteTunnelEndpoint}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${ForwardPathLifetime}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${RequireAuthorization}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${User}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Machine}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Protocol}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPsecRuleName')) { [object]$__cmdletization_value = ${IPsecRuleName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Mode')) { [object]$__cmdletization_value = ${Mode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InboundSecurity')) { [object]$__cmdletization_value = ${InboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OutboundSecurity')) { [object]$__cmdletization_value = ${OutboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { ScriptBlock ID: 376b146a-b0a0-4896-bb08-f22ce2f7b858 Path:	4104	1		3	2	15	0	1507	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2744	88	nch2-master-1	S-1-5-21-129831974-2888240955-643434934-1001	1/1/2022 8:29:01 PM	839e3e65-ff4b-0000-b14b-9e834bffd701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]